NVD

Id
32703  
Name
CVE-2014-4790  
Description
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.  
Reject
 
CVSS Version
2  
CVSS Score
4.9  
Severity
Medium  
CVSS Base Score
4.9  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:N)  
Pub Date
2017-01-30  
Published
2014-08-26  
Modified Date
2017-01-27  
Seq
2014-4790  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
172102 32703 CVE-2014-4790 60481  View
172103 32703 CVE-2014-4790 http://www-01.ibm.com/support/docview.wss?uid=swg21680665  View
172104 32703 CVE-2014-4790 http://www-01.ibm.com/support/docview.wss?uid=swg21681277  View
172105 32703 CVE-2014-4790 ibm-emportis-cve20144790-phishing(93195)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
15071 JVNDB-2014-003946 IBM Emptoris Sourcing Portfolio および Emptoris Spend Analysis におけるフィッシング攻撃を実行される脆弱性 IBM Emptoris Sourcing Portfolio および Emptoris Spend Analysis は、FRAME 要素の使用を適切に制限しないため、フィッシング攻撃を実行される、およびアクセス制限を回避される、または重要な情報を取得される脆弱性が存在します。 CVE-2014-4790 72079 CVE-2014-4790 32703 4.9 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003946.html 2014-08-12 2014-08-27 View