CVE-2015-1984

IBM InfoSphere MDM Collaborative Edition 9.1-11.4 < FP03 - Sensitive Info Exposure via Profile Bypass

Title source: llm
STIX 2.1

Description

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75474
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21960244

Scores

EPSS 0.0098
EPSS Percentile 58.1%

Details

CWE
CWE-200 CWE-264
Status published
Products (5)
ibm/infosphere_master_data_management 9.1
ibm/infosphere_master_data_management 10.1
ibm/infosphere_master_data_management 11.0
ibm/infosphere_master_data_management 11.3
ibm/infosphere_master_data_management 11.4
Published Jul 20, 2015
Tracked Since Feb 18, 2026