| Vulnerability Name: | CVE-2013-5427 (CCN-87536) | ||||||||
| Assigned: | 2013-08-22 | ||||||||
| Published: | 2014-01-31 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote attackers to hijack the authentication of arbitrary users. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-5427 Source: CCN Type: SA56809 IBM InfoSphere Master Data Management Cross-Site Request Forgery Vulnerability Source: CCN Type: IBM Security Bulletin 1663181 Cross-Site Request Forgery in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-5427) Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg21663181 Source: CCN Type: BID-65288 Multiple IBM InfoSphere Master Data Management Products Cross Site Request Forgery Vulnerability Source: XF Type: UNKNOWN ibm-mdmcs-cve20135427-csrf(87536) Source: XF Type: UNKNOWN ibm-mdmcs-cve20135427-csrf(87536) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||