CVE-2014-0966

SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21681651	Vendor Advisory
http://secunia.com/advisories/60695
http://secunia.com/advisories/60693
http://secunia.com/advisories/60679
https://exchange.xforce.ibmcloud.com/vulnerabilities/92880

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:11.3:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management:10.0::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1.0.1:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1.0.2:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:11.0:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management:11.3::::collaborative:::

Information

Published : 2014-08-17 16:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-0966

Mitre link : CVE-2014-0966

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

ibm

infosphere_master_data_management
infosphere_master_data_management_server_for_product_information_management

6.5 /10