CVE-2015-1984
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.
Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados eludir las restricciones de acceso previstos y leer perfiles arbitrarios a través de vectores no especificados, como lo demuestra el descubrimiento de nombre de usuario para su uso en ataques de fuerza bruta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-02-19 CVE Reserved
- 2015-07-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/75474 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21960244 | 2016-11-30 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Search vendor "Ibm" for product "Infosphere Master Data Management" | 9.1 Search vendor "Ibm" for product "Infosphere Master Data Management" and version "9.1" | collaborative |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Search vendor "Ibm" for product "Infosphere Master Data Management" | 10.1 Search vendor "Ibm" for product "Infosphere Master Data Management" and version "10.1" | collaborative |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Search vendor "Ibm" for product "Infosphere Master Data Management" | 11.0 Search vendor "Ibm" for product "Infosphere Master Data Management" and version "11.0" | collaborative |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Search vendor "Ibm" for product "Infosphere Master Data Management" | 11.3 Search vendor "Ibm" for product "Infosphere Master Data Management" and version "11.3" | collaborative |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Infosphere Master Data Management Search vendor "Ibm" for product "Infosphere Master Data Management" | 11.4 Search vendor "Ibm" for product "Infosphere Master Data Management" and version "11.4" | collaborative |
Affected
| ||||||