Phishing Vulnerability in Accela BizSearch Document View Window


The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to:
* display a fraudulent web page over a legitimate web page
* steal cookies stored in browser
* place arbitrary cookies into browser
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Accela Technology
  • Accela BizSearch
  • eAccela BizSearch
  • IntelligentSearch


A remote attacker could display a fraudulent web page over a legitimate one, steal cookies stored in browser or place arbitrary cookies into browser.

Please refer to the 'Vendor Information' and 'References' section for the countermeasures and take appropriate action.
Vendor Information

Accela Technology
  • Accela Technology Corporation : Top Page (Japanese)
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)


Revision History

  • [2010/10/13]
      Web page published