Lucene search

IbmCVE-2014-3009

HistoryAug 01, 2014 - 5:12 a.m.

CVE-2014-3009

2014-08-0105:12:51

CWE-20

ibm

web.nvd.nist.gov

cve-2014-3009

ibm

infosphere

master data management

collaborative edition

gds component

phishing

remote attack

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

29.8%

JSON

The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.

Affected configurations

Nvd

Node

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.1

Node

ibminfosphere_master_data_managementMatch10.0collaborative

ibminfosphere_master_data_managementMatch10.1collaborative

ibminfosphere_master_data_managementMatch11.0collaborative

VendorProductVersionCPE
ibminfosphere_master_data_management_server_for_product_information_management9.0cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management10.0cpe:2.3:a:ibm:infosphere_master_data_management:10.0:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management10.1cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.0cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_master_data_management_server_for_product_information_management	9.0	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	9.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*
ibm	infosphere_master_data_management	10.0	cpe:2.3:a:ibm:infosphere_master_data_management:10.0::::collaborative:::
ibm	infosphere_master_data_management	10.1	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
ibm	infosphere_master_data_management	11.0	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::

References

www-01.ibm.com/support/docview.wss?uid=swg21677306

exchange.xforce.ibmcloud.com/vulnerabilities/92952

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

29.8%

JSON

Related for CVE-2014-3009