CVE-2013-5427

Published: Feb 4, 2014Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users.

Affected (5)

Products: Ibm: Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management

Ibm

2 products

Infosphere Master Data Management Collaboration Server

Infosphere Master Data Management Server For Product Information Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Collaboration Server	Version 10.0
Ibm Infosphere Master Data Management Collaboration Server	Version 10.1
Ibm Infosphere Master Data Management Collaboration Server	Version 11.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.ibm.com/support/docview.wss?uid=swg21663181

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87536

Source: psirt@us.ibm.com

http://www.ibm.com/support/docview.wss?uid=swg21663181

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87536

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.