Frame Injection Vulnerability in IBM Initiate Master Data Service
CVE-2014-4786

Currently unrated

Key Information:

Vendor: IBM
Status: Initiate Master Data Service
Vendor: CVE Published:; 10 September 2014

Summary

Certain versions of IBM Initiate Master Data Service are affected by a frame injection vulnerability that allows remote authenticated users to exploit improperly restricted FRAME elements. This could enable attackers to conduct phishing attacks and bypass access restrictions, potentially leading to unauthorized information disclosure and compromising user data integrity through crafted web pages.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682450

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95033

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/69720

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Sep 10, 2014
Vulnerability Reserved
Jul 9, 2014