GCVE - cpe:2.3:a:ibm:infosphere_master_data_management

Approved changes feed: RSS · Atom

cpe:2.3:a:ibm:infosphere_master_data_management_server:11.0:*:*:*:*:*:*:*

part: a version: 11.0 update: *

Vendor	Ibm (`177c0602-9232-5933-8f2f-9d22f079d22d`)
Product	Infosphere Master Data Management Server (`9b475699-c439-5d16-9375-322d731e2ee0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-1309`	vulnerable	2026-06-03 14:37:04.866902	Details available IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. Published: 2017-07-19T20:00:00.000Z Updated: 2024-09-16T20:57:41.635Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/99872 http://www.ibm.com/support/docview.wss?uid=swg22005437 https://exchange.xforce.ibmcloud.com/vulnerabilities/125463	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-1199`	vulnerable	2026-06-03 14:37:04.518653	Details available IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. Published: 2017-08-03T15:00:00.000Z Updated: 2024-09-16T17:43:09.117Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/123674 http://www.securityfocus.com/bid/100129 http://www.ibm.com/support/docview.wss?uid=swg22006618	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9719`	vulnerable	2026-06-03 14:36:17.283258	Details available IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. Published: 2017-07-31T21:00:00.000Z Updated: 2024-09-16T18:39:38.523Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg22006607 https://exchange.xforce.ibmcloud.com/vulnerabilities/119733 http://www.securityfocus.com/bid/100060	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9718`	vulnerable	2026-06-03 14:36:17.282809	Details available IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732. Published: 2017-07-31T21:00:00.000Z Updated: 2024-09-16T18:38:33.858Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg22006606 http://www.securityfocus.com/bid/100016 https://exchange.xforce.ibmcloud.com/vulnerabilities/119732	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9717`	vulnerable	2026-06-03 14:36:17.282369	Details available HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. Published: 2017-07-31T21:00:00.000Z Updated: 2024-09-16T23:56:16.113Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/100074 http://www.ibm.com/support/docview.wss?uid=swg22006605 https://exchange.xforce.ibmcloud.com/vulnerabilities/119730	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9716`	vulnerable	2026-06-03 14:36:17.281912	Details available IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. Published: 2017-07-31T21:00:00.000Z Updated: 2024-09-17T02:52:02.444Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg22006610 https://exchange.xforce.ibmcloud.com/vulnerabilities/119729 http://www.securityfocus.com/bid/100026	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9715`	vulnerable	2026-06-03 14:36:17.281454	Details available IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. Published: 2017-07-31T21:00:00.000Z Updated: 2024-09-16T20:36:47.072Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg22006611 http://www.securityfocus.com/bid/100025 https://exchange.xforce.ibmcloud.com/vulnerabilities/119728	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9714`	vulnerable	2026-06-03 14:36:17.278938	Details available IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. Published: 2017-07-31T21:00:00.000Z Updated: 2024-09-16T19:46:40.495Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/119727 http://www.ibm.com/support/docview.wss?uid=swg22006608	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1945`	vulnerable	2026-06-03 14:34:40.786209	Details available Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. Published: 2015-06-02T14:00:00.000Z Updated: 2024-08-06T05:02:43.400Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21957776 http://www.securityfocus.com/bid/74929	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1910`	vulnerable	2026-06-03 14:34:40.514694	Details available Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Published: 2015-05-25T00:00:00.000Z Updated: 2024-08-06T04:54:16.533Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21700741	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-1909`	vulnerable	2026-06-03 14:34:40.513061	Details available The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: 2015-05-25T00:00:00.000Z Updated: 2024-08-06T04:54:16.483Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21700754	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

IBM InfoSphere Master Data Management (MDM) Server 11.0

PURL mappings

Vulnerability references

Contribute