CVE-2014-3009

The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibminfosphere_master_data_management_server_for_product_information_management
9.0
ibminfosphere_master_data_management_server_for_product_information_management
9.1
ibminfosphere_master_data_management
10.0
ibminfosphere_master_data_management
10.1
ibminfosphere_master_data_management
11.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21677306
https://exchange.xforce.ibmcloud.com/vulnerabilities/92952
http://www-01.ibm.com/support/docview.wss?uid=swg21677306
https://exchange.xforce.ibmcloud.com/vulnerabilities/92952