Boletines de Vulnerabilidades

Security Bulletin: Cross-Site Request Forgery in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-5427)

Información sobre el sistema
   
Software afectado IBM

Descripción
Due to insufficient safeguards against cross-site request forgery, an attacker can trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require that the legitimate user be already authenticated or to authenticate separately as part of the attack. CVE(s): CVE-2013-5427 Affected product(s) and affected version(s): - IBM InfoSphere Master Data Management - Collaborative Edition Versions

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_cross_site_request_forgery_in_ibm_infosphere_master_data_management_collaborative_edition_cve_2013_5427?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2013-5427 ,CVE-2013-6727 ,CVE-2013-5371 and CVE-2013-1500.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-03-04

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT