CVE-2014-4785 : Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Serv

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published 2014-09-10 10:55:08

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)

Products affected by CVE-2014-4785

IBM » Initiate Master Data Service » Version: 10.0
cpe:2.3:a:ibm:initiate_master_data_service:10.0:*:*:*:*:*:*:*
Matching versions
IBM » Initiate Master Data Service » Version: 10.1
cpe:2.3:a:ibm:initiate_master_data_service:10.1:*:*:*:*:*:*:*
Matching versions
IBM » Initiate Master Data Service » Version: 9.5
cpe:2.3:a:ibm:initiate_master_data_service:9.5:*:*:*:*:*:*:*
Matching versions
IBM » Initiate Master Data Service » Version: 9.7
cpe:2.3:a:ibm:initiate_master_data_service:9.7:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-4785

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4785

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-4785

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-4785

https://exchange.xforce.ibmcloud.com/vulnerabilities/95032

IBM Initiate Master Data Service cross-site request forgery CVE-2014-4785 Vulnerability Report
http://secunia.com/advisories/60996

Sign in

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21682450

IBM Security Bulletin: Multiple Vulnerabilities in IBM Initiate Master Data Service (CVE-2014-4789, CVE-2014-4788, CVE-2014-4787, CVE-2014-4786, CVE-2014-4785, CVE-2014-4784, CVE-2014-4783)
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/69694

IBM Initiate Master Data Service CVE-2014-4785 Cross Site Request Forgery Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2014-4785

Products affected by CVE-2014-4785

Exploit prediction scoring system (EPSS) score for CVE-2014-4785

CVSS scores for CVE-2014-4785

CWE ids for CVE-2014-4785

References for CVE-2014-4785