IBM InfoSphere Master Data Management Collaboration Server CVE-2014-0966 SQL Injection Vulnerability

Bugtraq ID:	69255
Class:	Input Validation Error
CVE:	CVE-2014-0966
Remote:	Yes
Local:	No
Published:	Aug 14 2014 12:00AM
Updated:	Aug 14 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Infosphere Master Data Management Server For Product Information 9.1 IBM Infosphere Master Data Management Server For Product Information 9.0 IBM InfoSphere Master Data Management Collaboration Server 11.3 IBM InfoSphere Master Data Management Collaboration Server 11.0 IBM InfoSphere Master Data Management Collaboration Server 10.1 IBM InfoSphere Master Data Management Collaboration Server 10.0
Not Vulnerable:

IBM InfoSphere Master Data Management Collaboration Server CVE-2014-0966 SQL Injection Vulnerability

IBM InfoSphere Master Data Management Collaboration Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The following products are affected.

IBM InfoSphere Master Data Management Collaboration Server 11.3, 11.0, 10.1, and 10.0.
IBM InfoSphere Master Data Management for Product Information Management 9.1 and 9.0.