Lucene search

[email protected]CVE-2013-6315

HistoryMar 06, 2014 - 11:55 a.m.

CVE-2013-6315

2014-03-0611:55:05

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-6315

information security

ibm

infosphere enterprise records

clickjacking

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.1%

JSON

IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Affected configurations

NVD

Node

ibmenterprise_recordsMatch5.1.1

ibminfosphere_enterprise_recordsMatch4.5.1

CPENameOperatorVersion
ibm:enterprise_recordsibm enterprise recordseq5.1.1
ibm:infosphere_enterprise_recordsibm infosphere enterprise recordseq4.5.1

CPE	Name	Operator	Version
ibm:enterprise_records	ibm enterprise records	eq	5.1.1
ibm:infosphere_enterprise_records	ibm infosphere enterprise records	eq	4.5.1

References

www-01.ibm.com/support/docview.wss?uid=swg21662911

exchange.xforce.ibmcloud.com/vulnerabilities/88596

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.1%

JSON

Related for CVE-2013-6315

prion1 nvd1 cvelist1 seebug1