CVE Vulnerabilities

CVE-2014-8896

Improper Authentication

Published: Dec 22, 2014 | Modified: Sep 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrators credentials and consequently gain privileges via unspecified vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.8 9.0.0.8
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.2 9.0.0.2
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.3 9.0.0.3
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.5 9.0.0.5
Infosphere_master_data_management_server_for_product_information_management Ibm 9.1.0 9.1.0
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0 9.0.0
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.6 9.0.0.6
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.1 9.0.0.1
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.7 9.0.0.7
Infosphere_master_data_management_server_for_product_information_management Ibm 9.0.0.4 9.0.0.4

Potential Mitigations

References