CVE-2014-4790

Name of the Vulnerable Software and Affected Versions IBM Emptoris Sourcing Portfolio versions 9.5.x through 9.5.1.2 IBM Emptoris Sourcing Portfolio versions 10.0.0.x through 10.0.0.0 IBM Emptoris Sourcing Portfolio versions 10.0.1.x through 10.0.1.2 IBM Emptoris Sourcing Portfolio versions 10.0.2.x through 10.0.2.3 IBM Emptoris Spend Analysis versions 9.5.x through 9.5.0.3 IBM Emptoris Spend Analysis versions 10.0.1.x through 10.0.1.2 IBM Emptoris Spend Analysis versions 10.0.2.x through 10.0.2.3

Description The issue allows remote authenticated users to conduct phishing attacks and bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue, due to improper restriction of use of FRAME elements.

Recommendations For IBM Emptoris Sourcing Portfolio versions 9.5.x through 9.5.1.2, update to version 9.5.1.3 or later. For IBM Emptoris Sourcing Portfolio versions 10.0.0.x through 10.0.0.0, update to version 10.0.0.1 or later. For IBM Emptoris Sourcing Portfolio versions 10.0.1.x through 10.0.1.2, update to version 10.0.1.3 or later. For IBM Emptoris Sourcing Portfolio versions 10.0.2.x through 10.0.2.3, update to version 10.0.2.4 or later. For IBM Emptoris Spend Analysis versions 9.5.x through 9.5.0.3, update to version 9.5.0.4 or later. For IBM Emptoris Spend Analysis versions 10.0.1.x through 10.0.1.2, update to version 10.0.1.3 or later. For IBM Emptoris Spend Analysis versions 10.0.2.x through 10.0.2.3, update to version 10.0.2.4 or later.