Cross-Site Request Forgery Vulnerability in IBM InfoSphere Master Data Management Server
CVE-2020-4675

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Master Data Management
Vendor: CVE Published:; 16 July 2021

Summary

IBM InfoSphere Master Data Management Server version 11.6 is susceptible to Cross-Site Request Forgery (CSRF) attacks. This vulnerability could potentially allow attackers to carry out unauthorized actions on behalf of trusted users, exploiting the trust a web application has in the user's browser. As a result, an attacker could manipulate user-specific actions, compromising the integrity of user data and operations within the system. It is crucial for users to implement necessary security measures to mitigate this risk.

Affected Version(s)

InfoSphere Master Data Management 11.6

References

https://www.ibm.com/support/pages/node/6472927

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/186324

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2021
Vulnerability Reserved
Dec 30, 2019