IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
References
Link | Resource |
---|---|
http://secunia.com/advisories/60480 | |
http://secunia.com/advisories/60481 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21680665 | Patch Vendor Advisory |
http://www-01.ibm.com/support/docview.wss?uid=swg21681277 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/93195 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2014-08-26T10:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2014-07-09T00:00:00
Link: CVE-2014-4790
JSON object: View
NVD Information
Status : Modified
Published: 2014-08-26T10:55:04.607
Modified: 2017-08-29T01:35:07.390
Link: CVE-2014-4790
JSON object: View
Redhat Information
No data.
CWE