Vulnerability Details : CVE-2014-4784
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Products affected by CVE-2014-4784
- cpe:2.3:a:ibm:initiate_master_data_service:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:initiate_master_data_service:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:initiate_master_data_service:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:initiate_master_data_service:9.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4784
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- Percentile: ~42% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-4784
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-4784
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4784
- http://secunia.com/advisories/60996
- http://www.securityfocus.com/bid/69698
  IBM Initiate Master Data Service CVE-2014-4784 Unspecified Frame Injection Vulnerability (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95031
  IBM Initiate Master Data Service phishing through frames CVE-2014-4784 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21682450
  IBM Security Bulletin: Multiple Vulnerabilities in IBM Initiate Master Data Service (CVE-2014-4789, CVE-2014-4788, CVE-2014-4787, CVE-2014-4786, CVE-2014-4785, CVE-2014-4784, CVE-2014-4783) (Patch; Vendor Advisory)