CVE-2013-5426

Published: Dec 19, 2013Modified: Apr 29, 2026

4.9

Vector

AV:A/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 4.4 / Impact: 6.4

Source: NVD

Description

Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.

Affected (5)

Products: Ibm: Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management

Ibm

2 products

Infosphere Master Data Management Collaboration Server

Infosphere Master Data Management Server For Product Information Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Collaboration Server	Version 10.0
Ibm Infosphere Master Data Management Collaboration Server	Version 10.1
Ibm Infosphere Master Data Management Collaboration Server	Version 11.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21660082

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87535

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21660082

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87535

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.