Vulnerability Description
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Emptoris Spend Analysis | 9.5.0.0 |
| Ibm | Emptoris Sourcing Portfolio | 9.5.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/60480
- http://secunia.com/advisories/60481
- http://www-01.ibm.com/support/docview.wss?uid=swg21680665PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21681277PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93195
- http://secunia.com/advisories/60480
- http://secunia.com/advisories/60481
- http://www-01.ibm.com/support/docview.wss?uid=swg21680665PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21681277PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93195
FAQ
What is CVE-2014-4790?
CVE-2014-4790 is a vulnerability with a CVSS score of 4.9 (MEDIUM). IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before...
How severe is CVE-2014-4790?
CVE-2014-4790 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4790?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Emptoris Spend Analysis, Ibm Emptoris Sourcing Portfolio.