Search
Find a vulnerability
Search criteria
14 vulnerabilities found for initiate_master_data_service by ibm
CVE-2014-4789 (GCVE-0-2014-4789)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4789",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4788 (GCVE-0-2014-4788)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-imds-cve20144788-autocomplete(95058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-imds-cve20144788-autocomplete(95058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-imds-cve20144788-autocomplete(95058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95058"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4788",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4787 (GCVE-0-2014-4787)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/69722 | vdb-entryx_refsource_BID |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144787-xss(95034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"
},
{
"name": "69722",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144787-xss(95034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"
},
{
"name": "69722",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69722"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144787-xss(95034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"
},
{
"name": "69722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69722"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4787",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4786 (GCVE-0-2014-4786)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/69720 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "ibm-imds-cve20144786-frame-injection(95033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95033"
},
{
"name": "69720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69720"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "ibm-imds-cve20144786-frame-injection(95033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95033"
},
{
"name": "69720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69720"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "ibm-imds-cve20144786-frame-injection(95033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95033"
},
{
"name": "69720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69720"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4786",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4785 (GCVE-0-2014-4785)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/69694 | vdb-entryx_refsource_BID |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-imds-cve20144785-csrf(95032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95032"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-imds-cve20144785-csrf(95032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95032"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-imds-cve20144785-csrf(95032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95032"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4785",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4784 (GCVE-0-2014-4784)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/69698 | vdb-entryx_refsource_BID |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-imds-cve20144784-frame-injection(95031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-imds-cve20144784-frame-injection(95031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-imds-cve20144784-frame-injection(95031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4784",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4783 (GCVE-0-2014-4783)
Vulnerability from nvd – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69693 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69693"
},
{
"name": "ibm-imds-cve20144783-csrf(95030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "69693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69693"
},
{
"name": "ibm-imds-cve20144783-csrf(95030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69693"
},
{
"name": "ibm-imds-cve20144783-csrf(95030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4783",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4784 (GCVE-0-2014-4784)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/69698 | vdb-entryx_refsource_BID |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-imds-cve20144784-frame-injection(95031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69698",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-imds-cve20144784-frame-injection(95031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69698",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69698"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-imds-cve20144784-frame-injection(95031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95031"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69698"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4784",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4787 (GCVE-0-2014-4787)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/69722 | vdb-entryx_refsource_BID |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144787-xss(95034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"
},
{
"name": "69722",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144787-xss(95034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"
},
{
"name": "69722",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69722"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144787-xss(95034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95034"
},
{
"name": "69722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69722"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4787",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4785 (GCVE-0-2014-4785)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/69694 | vdb-entryx_refsource_BID |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-imds-cve20144785-csrf(95032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95032"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-imds-cve20144785-csrf(95032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95032"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-imds-cve20144785-csrf(95032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95032"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "69694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4785",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4786 (GCVE-0-2014-4786)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/69720 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "ibm-imds-cve20144786-frame-injection(95033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95033"
},
{
"name": "69720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69720"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "ibm-imds-cve20144786-frame-injection(95033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95033"
},
{
"name": "69720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69720"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "ibm-imds-cve20144786-frame-injection(95033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95033"
},
{
"name": "69720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69720"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4786",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4789 (GCVE-0-2014-4789)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
},
{
"name": "ibm-imds-cve20144789-fixation(95059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4789",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4783 (GCVE-0-2014-4783)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69693 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
| http://secunia.com/advisories/60996 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69693",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69693"
},
{
"name": "ibm-imds-cve20144783-csrf(95030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "69693",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69693"
},
{
"name": "ibm-imds-cve20144783-csrf(95030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69693"
},
{
"name": "ibm-imds-cve20144783-csrf(95030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95030"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
},
{
"name": "60996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4783",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4788 (GCVE-0-2014-4788)
Vulnerability from cvelistv5 – Published: 2014-09-10 10:00 – Updated: 2024-08-06 11:27
VLAI
EPSS
VEX
Summary
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www-01.ibm.com/support/docview.wss?uid=swg… | x_refsource_CONFIRM |
Date Public
2014-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-imds-cve20144788-autocomplete(95058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-imds-cve20144788-autocomplete(95058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-imds-cve20144788-autocomplete(95058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95058"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4788",
"datePublished": "2014-09-10T10:00:00.000Z",
"dateReserved": "2014-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:27:36.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}