What is the severity of CVE-2014-0969?

CVE-2014-0969 is classified as a medium severity vulnerability due to the potential for cross-site request forgery.

How do I fix CVE-2014-0969?

To mitigate CVE-2014-0969, upgrade to IBM InfoSphere Master Data Management versions 11.0-FP5 or higher, or 11.3-IF2 and above.

Which IBM InfoSphere products are affected by CVE-2014-0969?

CVE-2014-0969 affects IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x and 11.x prior to 11.0-FP5, as well as InfoSphere Master Data Management Server for Product Information Management versions 9.x through 11.x before 11.3-IF2.

Is CVE-2014-0969 a remote attack vector?

Yes, CVE-2014-0969 allows remote authenticated attackers to perform actions on behalf of users due to the CSRF nature of the vulnerability.

What mitigation strategies can be employed for CVE-2014-0969?

In addition to upgrading, users can implement CSRF tokens and validate requests to mitigate potential risks associated with CVE-2014-0969.

Vulnerability/
CVE-2014-0969

medium

6.8

CWE

352

17/8/2014

6/8/2024

CVE-2014-0969: CSRF

First published: Sun Aug 17 2014(Updated: )

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to hijack the authentication of arbitrary users.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM InfoSphere Master Data Management	=10.0
IBM InfoSphere Master Data Management	=10.1
IBM InfoSphere Master Data Management	=11.0
IBM InfoSphere Master Data Management	=11.3
IBM InfoSphere Master Data Management Server for Product Information Management	=9.0
IBM InfoSphere Master Data Management Server for Product Information Management	=9.1
IBM InfoSphere Master Data Management Server for Product Information Management	=10.0
IBM InfoSphere Master Data Management Server for Product Information Management	=10.0.0.1
IBM InfoSphere Master Data Management Server for Product Information Management	=10.0.1
IBM InfoSphere Master Data Management Server for Product Information Management	=10.1
IBM InfoSphere Master Data Management Server for Product Information Management	=10.1.0.1
IBM InfoSphere Master Data Management Server for Product Information Management	=10.1.0.2
IBM InfoSphere Master Data Management Server for Product Information Management	=11.0
IBM InfoSphere Master Data Management Server for Product Information Management	=11.3

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21681649

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0969?
CVE-2014-0969 is classified as a medium severity vulnerability due to the potential for cross-site request forgery.
How do I fix CVE-2014-0969?
To mitigate CVE-2014-0969, upgrade to IBM InfoSphere Master Data Management versions 11.0-FP5 or higher, or 11.3-IF2 and above.
Which IBM InfoSphere products are affected by CVE-2014-0969?
CVE-2014-0969 affects IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x and 11.x prior to 11.0-FP5, as well as InfoSphere Master Data Management Server for Product Information Management versions 9.x through 11.x before 11.3-IF2.
Is CVE-2014-0969 a remote attack vector?
Yes, CVE-2014-0969 allows remote authenticated attackers to perform actions on behalf of users due to the CSRF nature of the vulnerability.
What mitigation strategies can be employed for CVE-2014-0969?
In addition to upgrading, users can implement CSRF tokens and validate requests to mitigate potential risks associated with CVE-2014-0969.

collector/nvd-index
agent/softwarecombine
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/remedy
agent/author
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm infosphere master data management
version/ibm infosphere master data management/10.0
version/ibm infosphere master data management/10.1
version/ibm infosphere master data management/11.0
version/ibm infosphere master data management/11.3
canonical/ibm infosphere master data management server for product information management
version/ibm infosphere master data management server for product information management/9.0
version/ibm infosphere master data management server for product information management/9.1
version/ibm infosphere master data management server for product information management/10.0
version/ibm infosphere master data management server for product information management/10.0.0.1
version/ibm infosphere master data management server for product information management/10.0.1
version/ibm infosphere master data management server for product information management/10.1
version/ibm infosphere master data management server for product information management/10.1.0.1
version/ibm infosphere master data management server for product information management/10.1.0.2
version/ibm infosphere master data management server for product information management/11.0
version/ibm infosphere master data management server for product information management/11.3