Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-4790

Опубликовано: 26 авг. 2014
Источник: nvd
CVSS2: 4.9
EPSS Низкий

Описание

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.002
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-gpqp-wqv8-8mph

github
больше 3 лет назад

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

EPSS

Процентиль: 42%
0.002
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-264