CVE-2014-0970

Published: Jul 19, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors.

Affected (5)

Products: Ibm: Infosphere Master Data Management Collaboration Server, Infosphere Master Data Management Server For Product Information Management

Ibm

2 products

Infosphere Master Data Management Collaboration Server

Infosphere Master Data Management Server For Product Information Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Collaboration Server	Version 10.0
Ibm Infosphere Master Data Management Collaboration Server	Version 10.1
Ibm Infosphere Master Data Management Collaboration Server	Version 11.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21677304

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92950

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21677304

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92950

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.