Multiple IBM InfoSphere Master Data Management Products Cross Site Request Forgery Vulnerability

Bugtraq ID:	69262
Class:	Design Error
CVE:	CVE-2014-0969
Remote:	Yes
Local:	No
Published:	Aug 15 2014 12:00AM
Updated:	Aug 15 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Infosphere Master Data Management Server For Product Information 9.1 IBM Infosphere Master Data Management Server For Product Information 9.0 IBM InfoSphere Master Data Management Collaboration Server 11.3 IBM InfoSphere Master Data Management Collaboration Server 11.0 IBM InfoSphere Master Data Management Collaboration Server 10.1 IBM InfoSphere Master Data Management Collaboration Server 10.0
Not Vulnerable:

Multiple IBM InfoSphere Master Data Management Products Cross Site Request Forgery Vulnerability

Multiple IBM InfoSphere Master Data Management Products are prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.

The following products are vulnerable:

IBM InfoSphere Master Data Management Collaboration Server 10.0, 10.1, 11.0 and 11.3
IBM Infosphere Master Data Management Server For Product Information 9.0 and 9.1

Multiple IBM InfoSphere Master Data Management Products Cross Site Request Forgery Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Multiple IBM InfoSphere Master Data Management Products Cross Site Request Forgery Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple IBM InfoSphere Master Data Management Products Cross Site Request Forgery Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Bulletin: Cross-Site Request Forgery vulnerability in GDS component of (IBM)