CVE-2014-0967

Published: Jul 19, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected (5)

Products: Ibm: Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management

Ibm

2 products

Infosphere Master Data Management Collaboration Server

Infosphere Master Data Management Server For Product Information Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Collaboration Server	Version 10.0
Ibm Infosphere Master Data Management Collaboration Server	Version 10.1
Ibm Infosphere Master Data Management Collaboration Server	Version 11.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21677300

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92882

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21677300

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92882

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.