NVD

Id
31288  
Name
CVE-2014-3009  
Description
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-08-01  
Modified Date
2014-08-01  
Seq
2014-3009  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
163912 31288 CVE-2014-3009 http://www-01.ibm.com/support/docview.wss?uid=swg21677306  View
163913 31288 CVE-2014-3009 ibm-imdm-cve20143009-phish(92952)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14794 JVNDB-2014-003669 IBM InfoSphere Master Data Management - Collaborative Edition および InfoSphere Master Data Management Server for Product Information Management におけるフィッシング攻撃を実行される脆弱性 IBM InfoSphere Master Data Management - Collaborative Edition および InfoSphere Master Data Management Server for Product Information Management の GDS コンポーネントは、FRAME 要素を適切に処理しないため、フィッシング攻撃を実行される脆弱性が存在します。 CVE-2014-3009 70296 CVE-2014-3009 31288 3.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003669.html 2014-06-24 2014-08-04 View