CVE-2015-1980

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21960244	Patch Vendor Advisory
http://www.securityfocus.com/bid/75143

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:infosphere_master_data_management:9.1::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:11.3::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:11.4::::collaborative:::

History

No history.

Information

Published : 2015-07-20 01:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-1980

Mitre link : CVE-2015-1980

CVE.ORG link : CVE-2015-1980

JSON object : View

Products Affected

ibm

infosphere_master_data_management

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2015-1980", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-07-20T01:59:08.940", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/75143", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-11-30T03:00:33.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:9.1:*:*:*:collaborative:*:*:*", "vulnerable": true, "matchCriteriaId": "18359235-B788-4E8A-97E9-9E297712D102"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*", "vulnerable": true, "matchCriteriaId": "38FBFED0-F44F-48BF-96C0-33025890C4D5"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*", "vulnerable": true, "matchCriteriaId": "6FE73850-0816-4C28-B114-4FEB2A0B6586"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*", "vulnerable": true, "matchCriteriaId": "2B51C2B1-4363-455F-8A0D-F92BEDFC0BD4"}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:11.4:*:*:*:collaborative:*:*:*", "vulnerable": true, "matchCriteriaId": "C30A337D-6D75-4F46-AF7E-195AB539686C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}