cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-46187,https://securityvulnerability.io/vulnerability/CVE-2023-46187,Stored Cross-Site Scripting Vulnerability in IBM InfoSphere Master Data Management,"IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 are vulnerable to stored cross-site scripting issues. This flaw enables attackers to inject arbitrary JavaScript into the web interface, potentially compromising user sessions by altering functionality and resulting in the leakage of sensitive credentials. Users interacting with the affected application may unknowingly execute malicious scripts, making it crucial for organizations to address this vulnerability promptly.",IBM,Infosphere Master Data Management,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-27T01:45:34.077Z,0
CVE-2020-4675,https://securityvulnerability.io/vulnerability/CVE-2020-4675,,IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324.,IBM,Infosphere Master Data Management,6.5,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-07-16T17:15:00.000Z,0
CVE-2018-1380,https://securityvulnerability.io/vulnerability/CVE-2018-1380,,"IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077.",IBM,Infosphere Master Data Management Collaboration Server,2.7,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-10-29T15:29:00.000Z,0
CVE-2015-7424,https://securityvulnerability.io/vulnerability/CVE-2015-7424,,"IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780.",IBM,Infosphere Master Data Management,4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2018-03-26T18:00:00.000Z,0
CVE-2015-7423,https://securityvulnerability.io/vulnerability/CVE-2015-7423,,"Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771.",IBM,Infosphere Master Data Management,5.4,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2018-03-26T18:00:00.000Z,0
CVE-2017-1523,https://securityvulnerability.io/vulnerability/CVE-2017-1523,,IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892.,IBM,Infosphere Master Data Management,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2017-10-24T21:00:00.000Z,0
CVE-2017-1199,https://securityvulnerability.io/vulnerability/CVE-2017-1199,,"IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674.",IBM,Infosphere Master Data Management,5.4,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2017-08-03T15:29:00.000Z,0
CVE-2016-9716,https://securityvulnerability.io/vulnerability/CVE-2016-9716,,"IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729.",IBM,Infosphere Master Data Management,8.8,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2017-07-31T21:29:00.000Z,0
CVE-2016-9714,https://securityvulnerability.io/vulnerability/CVE-2016-9714,,"IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727.",IBM,Infosphere Master Data Management,8.8,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2017-07-31T21:29:00.000Z,0
CVE-2016-9717,https://securityvulnerability.io/vulnerability/CVE-2016-9717,,"HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.",IBM,Infosphere Master Data Management,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2017-07-31T21:29:00.000Z,0
CVE-2016-9718,https://securityvulnerability.io/vulnerability/CVE-2016-9718,,"IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732.",IBM,Infosphere Master Data Management,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-07-31T21:29:00.000Z,0
CVE-2016-9715,https://securityvulnerability.io/vulnerability/CVE-2016-9715,,"IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728.",IBM,Infosphere Master Data Management,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-07-31T21:29:00.000Z,0
CVE-2016-9719,https://securityvulnerability.io/vulnerability/CVE-2016-9719,,"IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733.",IBM,Infosphere Master Data Management,5.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2017-07-31T21:29:00.000Z,0
CVE-2017-1309,https://securityvulnerability.io/vulnerability/CVE-2017-1309,,IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.,IBM,Infosphere Master Data Management,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-07-14T00:00:00.000Z,0
CVE-2015-7492,https://securityvulnerability.io/vulnerability/CVE-2015-7492,,"Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",IBM,Infosphere Master Data Management Reference Data Management,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2016-02-15T02:00:00.000Z,0
CVE-2015-4958,https://securityvulnerability.io/vulnerability/CVE-2015-4958,,"IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files.",IBM,Infosphere Master Data Management,3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2016-01-17T02:00:00.000Z,0
CVE-2015-4960,https://securityvulnerability.io/vulnerability/CVE-2015-4960,,"IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.",IBM,Infosphere Master Data Management,4.1,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2016-01-17T02:00:00.000Z,0
CVE-2015-7414,https://securityvulnerability.io/vulnerability/CVE-2015-7414,,"Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",IBM,Infosphere Master Data Management,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2016-01-17T02:00:00.000Z,0
CVE-2015-1982,https://securityvulnerability.io/vulnerability/CVE-2015-1982,,"IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message.",IBM,Infosphere Master Data Management,,,0.0007900000200606883,false,,false,false,false,,,false,false,,2015-07-20T01:00:00.000Z,0
CVE-2015-1980,https://securityvulnerability.io/vulnerability/CVE-2015-1980,,"IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.",IBM,Infosphere Master Data Management,,,0.0007900000200606883,false,,false,false,false,,,false,false,,2015-07-20T01:00:00.000Z,0
CVE-2015-1984,https://securityvulnerability.io/vulnerability/CVE-2015-1984,,"IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.",IBM,Infosphere Master Data Management,,,0.000699999975040555,false,,false,false,false,,,false,false,,2015-07-20T01:00:00.000Z,0
CVE-2015-1968,https://securityvulnerability.io/vulnerability/CVE-2015-1968,,"Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",IBM,Infosphere Master Data Management,,,0.0006300000241026282,false,,false,false,false,,,false,false,,2015-07-20T01:00:00.000Z,0
CVE-2015-1945,https://securityvulnerability.io/vulnerability/CVE-2015-1945,,"Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.",IBM,Infosphere Master Data Management Server,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2015-06-02T14:00:00.000Z,0
CVE-2015-1909,https://securityvulnerability.io/vulnerability/CVE-2015-1909,,"The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",IBM,Infosphere Master Data Management Server,,,0.0020600000862032175,false,,false,false,false,,,false,false,,2015-05-25T00:00:00.000Z,0
CVE-2015-1910,https://securityvulnerability.io/vulnerability/CVE-2015-1910,,"Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.",IBM,Infosphere Master Data Management Server,,,0.0006300000241026282,false,,false,false,false,,,false,false,,2015-05-25T00:00:00.000Z,0