Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0873

Опубликовано: 16 мар. 2014
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:infosphere_master_data_management_server:8.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_master_data_management_server:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_master_data_management_server:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_master_data_management_server:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:infosphere_master_data_management_server:10.1:*:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.00103
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

github логотип

GHSA-pg7h-r4fr-rgwp

github
больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.

EPSS

Процентиль: 29%
0.00103
Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352