Frame Injection Vulnerability in IBM Initiate Master Data Service
CVE-2014-4784

Currently unrated

Key Information:

Vendor: IBM
Status: Initiate Master Data Service
Vendor: CVE Published:; 10 September 2014

Summary

IBM Initiate Master Data Service versions 9.5, 9.7, 10.0, and 10.1 prior to specified updates are susceptible to a frame injection vulnerability. This security flaw allows remote attackers to exploit compromised FRAME elements, enabling them to conduct phishing attacks and circumvent access controls. By crafting a malicious website, attackers may gain unauthorized access to sensitive data or perform actions intended to bypass security measures.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95031

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21682450

x_refsource_CONFIRM

http://secunia.com/advisories/60996

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 10, 2014
Vulnerability Reserved
Jul 9, 2014