Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Infosphere_master_data_management_collaboration_server | Ibm | 10.0 (including) | 10.0 (including) |
| Infosphere_master_data_management_collaboration_server | Ibm | 10.1 (including) | 10.1 (including) |
| Infosphere_master_data_management_collaboration_server | Ibm | 11.0 (including) | 11.0 (including) |
| Infosphere_master_data_management_server_for_product_information_management | Ibm | 9.0 (including) | 9.0 (including) |
| Infosphere_master_data_management_server_for_product_information_management | Ibm | 9.1 (including) | 9.1 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html