IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718)

IBM InfoSphere Master Data Management is vulnerable to a cross-site scripting Attack and could allow users to embed arbitrary JavaScript code in MDM User Interfaces and lead to disclosure of credentials. Insecure HTTP Method – TRACE discovered in MDM User Interface affects Inspector and Web Reports in IBM InfoSphere Master Data Management.

CVE(s): CVE-2016-9718

Affected product(s) and affected version(s):

This vulnerability is known to affect the following offerings:

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2v6gAoX
X-Force Database: http://ift.tt/2tJxQx0

The post IBM Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method – TRACE discovered in MDM User Interface (CVE-2016-9718) appeared first on IBM PSIRT Blog.

Affected IBM InfoSphere Master Data Management ServerAffected Versions
IBM InfoSphere Master Data Management10.1
IBM InfoSphere Master Data Management11.0
IBM InfoSphere Master Data Management11.3
IBM InfoSphere Master Data Management11.4
IBM InfoSphere Master Data Management11.5
IBM InfoSphere Master Data Management11.6


from IBM Product Security Incident Response Team http://ift.tt/2v6xcNq