4.9

CVE-2014-4790

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEmptoris Spend Analysis Version9.5.0.0
IbmEmptoris Spend Analysis Version9.5.0.1
IbmEmptoris Spend Analysis Version9.5.0.2
IbmEmptoris Spend Analysis Version9.5.0.3
IbmEmptoris Spend Analysis Version10.0.1.0
IbmEmptoris Spend Analysis Version10.0.1.1
IbmEmptoris Spend Analysis Version10.0.1.2
IbmEmptoris Spend Analysis Version10.0.2.0
IbmEmptoris Spend Analysis Version10.0.2.2
IbmEmptoris Sourcing Portfolio Version9.5.0.0
IbmEmptoris Sourcing Portfolio Version9.5.0.1
IbmEmptoris Sourcing Portfolio Version9.5.0.2
IbmEmptoris Sourcing Portfolio Version9.5.1.0
IbmEmptoris Sourcing Portfolio Version9.5.1.1
IbmEmptoris Sourcing Portfolio Version9.5.1.2
IbmEmptoris Sourcing Portfolio Version10.0.0.0
IbmEmptoris Sourcing Portfolio Version10.0.1.0
IbmEmptoris Sourcing Portfolio Version10.0.1.1
IbmEmptoris Sourcing Portfolio Version10.0.1.2
IbmEmptoris Sourcing Portfolio Version10.0.2.0
IbmEmptoris Sourcing Portfolio Version10.0.2.2
IbmEmptoris Sourcing Portfolio Version10.0.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.519
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 6.8 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/60481
http://www-01.ibm.com/support/docview.wss?uid=swg21680665
Patch
Vendor Advisory
http://secunia.com/advisories/60480
http://www-01.ibm.com/support/docview.wss?uid=swg21681277
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/93195