Vulnerability Description
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Infosphere Master Data Management Server For Product Information Management | 9.0 |
| Ibm | Infosphere Master Data Management | 10.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21677306Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92952
- http://www-01.ibm.com/support/docview.wss?uid=swg21677306Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92952
FAQ
What is CVE-2014-3009?
CVE-2014-3009 is a vulnerability with a CVSS score of 3.5 (LOW). The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does no...
How severe is CVE-2014-3009?
CVE-2014-3009 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3009?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Infosphere Master Data Management Server For Product Information Management, Ibm Infosphere Master Data Management.