Multiple IBM InfoSphere Master Data Management Products Information Disclosure Vulnerability

Bugtraq ID:	69253
Class:	Design Error
CVE:	CVE-2014-4775
Remote:	Yes
Local:	No
Published:	Aug 12 2014 12:00AM
Updated:	Aug 12 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Infosphere Master Data Management Server For Product Information 9.1 IBM Infosphere Master Data Management Server For Product Information 9.0 IBM InfoSphere Master Data Management Server 11.3 IBM Infosphere Master Data Management 11.0 ~~Collaborative IBM Infosphere Master Data Management 10.1 ~~Collaborative IBM Infosphere Master Data Management 10.0 ~~Collaborative
Not Vulnerable:

Multiple IBM InfoSphere Master Data Management Products Information Disclosure Vulnerability

Multiple IBM InfoSphere Master Data Management products are prone to an information disclosure vulnerability.

Attackers can exploit this issue to gain access to the application credentials through a man-in-the-middle attack. Successful exploits will lead to other attacks.

The following products are vulnerable:

IBM InfoSphere Master Data Management - Collaborative Edition 10.0, 10.1, 11.0 and 11.3
IBM InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1

Multiple IBM InfoSphere Master Data Management Products Information Disclosure Vulnerability

An attacker may use readily available tools to exploit this issue.

Multiple IBM InfoSphere Master Data Management Products Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple IBM InfoSphere Master Data Management Products Information Disclosure Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Bulletin: Authentication credentials unprotected vulnerability in IBM® (IBM)