CVE-2014-4775 - OpenCVE

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Infosphere Master Data Management Server For Product Information Management Infosphere Master Data Management

Configuration 1 [-]

OR	cpe:2.3:a:ibm:infosphere_master_data_management:10.0::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management:11.3::::collaborative:::
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21681640	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/94917

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2014-08-17T23:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-07-09T00:00:00

Link: CVE-2014-4775

JSON object: View

NVD Information

Status : Modified

Published: 2014-08-17T23:55:07.027

Modified: 2017-08-29T01:35:06.860

Link: CVE-2014-4775

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-15T00:00:00", "descriptions": [{"lang": "en", "value": "IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-infospheremdm-cve20144775-cred(94917)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94917"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681640"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4775", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-infospheremdm-cve20144775-cred(94917)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94917"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681640", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681640"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4775", "datePublished": "2014-08-17T23:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:10.0:*:*:*:collaborative:*:*:*", "matchCriteriaId": "C2C18237-D43D-4423-B03D-0C02EE26C2CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*", "matchCriteriaId": "38FBFED0-F44F-48BF-96C0-33025890C4D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*", "matchCriteriaId": "6FE73850-0816-4C28-B114-4FEB2A0B6586", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*", "matchCriteriaId": "2B51C2B1-4363-455F-8A0D-F92BEDFC0BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "05F44C2D-F7E1-46CB-A319-B7D21121DA53", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B31F0A6-7796-42C2-8911-1B0D1B0A26A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors."}, {"lang": "es", "value": "IBM InfoSphere Master Data Management - Collaborative Edition 10.x anterior a 10.1-FP11 y 11.x anterior a 11.0-FP5 y InfoSphere Master Data Management Server for Product Information Management 9.x anterior a 9.1-FP15 y 10.x y 11.x anterior a 11.3-IF2 no protege debidamente las credenciales, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-4775", "lastModified": "2017-08-29T01:35:06.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-17T23:55:07.027", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681640"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94917"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}