IBM InfoSphere Master Data Management is vulnerable to a cross-site scripting Attack and could allow users to embed arbitrary JavaScript code in MDM User Interfaces and lead to disclosure of credentials. Insecure HTTP Method – TRACE discovered in MDM User Interface affects Inspector and Web Reports in IBM InfoSphere Master Data Management.
CVE(s): CVE-2016-9718
Affected product(s) and affected version(s):
This vulnerability is known to affect the following offerings:
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2v6gAoX
X-Force Database: http://ift.tt/2tJxQx0
The post IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718) appeared first on IBM PSIRT Blog.
| Affected IBM InfoSphere Master Data Management Server | Affected Versions |
| IBM InfoSphere Master Data Management | 10.1 |
| IBM InfoSphere Master Data Management | 11.0 |
| IBM InfoSphere Master Data Management | 11.3 |
| IBM InfoSphere Master Data Management | 11.4 |
| IBM InfoSphere Master Data Management | 11.5 |
| IBM InfoSphere Master Data Management | 11.6 |
from IBM Product Security Incident Response Team http://ift.tt/2v6xcNq
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.