Vulnerability Details : CVE-2014-0970
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject links via unspecified vectors.
Vulnerability category: Input validation
Products affected by CVE-2014-0970
- cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_master_data_management_collaboration_server:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0970
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~33% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-0970
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
CWE ids for CVE-2014-0970
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92950
  IBM InfoSphere Master Data Management - Collaborative Edition cross-site request forgery CVE-2014-0970 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21677304
  IBM Security Bulletin: Link Injection vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0970) (Vendor Advisory)