CVE-2014-8896

Published: Dec 22, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.

Affected (20)

Products: Ibm: Infosphere Master Data Management Server For Product Information Management, Infosphere Master Data Management Collaborative Server

Ibm

2 products

Infosphere Master Data Management Server For Product Information Management

Infosphere Master Data Management Collaborative Server

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.1
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.2
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.3
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.4
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.5
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.6
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.7
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0.8
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.0.0
Ibm Infosphere Master Data Management Server For Product Information Management	Version 9.1.0

Configuration B

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.1
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.2
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.3
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.4
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0.5
Ibm Infosphere Master Data Management Collaborative Server	Version 10.0.0
Ibm Infosphere Master Data Management Collaborative Server	Version 10.1.0
Ibm Infosphere Master Data Management Collaborative Server	Version 11.0
Ibm Infosphere Master Data Management Collaborative Server	Version 11.3
Ibm Infosphere Master Data Management Collaborative Server	Version 11.4

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21692176

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99049

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21692176

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99049

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.