CVE-2014-4786

Currently unrated

Key Information:

Vendor: IBM
Status: Initiate Master Data Service
Vendor: CVE Published:; 10 September 2014

Summary

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682450

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95033

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/69720

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Sep 10, 2014
Vulnerability Reserved
Jul 9, 2014