CVE-2015-1984
IBM InfoSphere MDM Collaborative Edition 9.1-11.4 < FP03 - Sensitive Info Exposure via Profile Bypass
Title source: llmDescription
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75474
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21960244
Scores
EPSS
0.0098
EPSS Percentile
58.1%
Details
CWE
CWE-200
CWE-264
Status
published
Products (5)
ibm/infosphere_master_data_management
9.1
ibm/infosphere_master_data_management
10.1
ibm/infosphere_master_data_management
11.0
ibm/infosphere_master_data_management
11.3
ibm/infosphere_master_data_management
11.4
Published
Jul 20, 2015
Tracked Since
Feb 18, 2026