
9 vulnerabilities found for emptoris_program_management by ibm

FKIE_CVE-2015-4971

Vulnerability from fkie_nvd - Published: 2015-10-06 01:59 - Updated: 2025-04-12 10:46
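Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N, from the nvd@nist.gov metric in the record below)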
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
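Impacted products
Note: the supplier_lifecycle_management and strategic_supply_management rows below come from CPE criteria written as `ibm:emptoris:<name>:<version>` (see the `criteria` fields in the record), so the component name appears in the Version column and the actual version (10.0.0.0 through 10.0.2.7) is not shown. Matching on product names such as emptoris_strategic_supply_management may not hit these entries. The list also stops at 10.0.2.7, although the summary names 10.0.3.x before 10.0.3.2 and 10.0.4.x before 10.0.4.0_iFix1 as affected, so CPE matching alone will not flag those releases.
Vendor Product Version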
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris supplier_lifecycle_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris_program_management 10.0.0.0
ibm emptoris_program_management 10.0.0.1
ibm emptoris_program_management 10.0.0.2
ibm emptoris_program_management 10.0.0.3
ibm emptoris_program_management 10.0.1.0
ibm emptoris_program_management 10.0.1.1
ibm emptoris_program_management 10.0.1.2
ibm emptoris_program_management 10.0.1.3
ibm emptoris_program_management 10.0.1.4
ibm emptoris_program_management 10.0.2.0
ibm emptoris_program_management 10.0.2.1
ibm emptoris_program_management 10.0.2.2
ibm emptoris_program_management 10.0.2.3
ibm emptoris_program_management 10.0.2.4
ibm emptoris_program_management 10.0.2.5
ibm emptoris_program_management 10.0.2.6
ibm emptoris_program_management 10.0.2.7

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*",
              "matchCriteriaId": "9CB603A9-2970-463F-961D-0B15FF264CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "76551543-A522-4FFC-AC6B-7609159518A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*",
              "matchCriteriaId": "5A815F79-E463-4AC5-9608-4C6DDDA9C673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*",
              "matchCriteriaId": "2D0F203C-3D87-48B2-B80F-6C38BD8BE641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "1F6E96A7-2D7A-4DCC-8CFB-314656938FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*",
              "matchCriteriaId": "65D08DAC-EEAE-4A9E-AD03-543AF7F50C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*",
              "matchCriteriaId": "BEFCD84D-2AB5-4E7C-9E70-6E15CABC877C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*",
              "matchCriteriaId": "BBDE7F04-5B59-4115-AEF4-0EE7548DF32A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*",
              "matchCriteriaId": "1703B342-A63B-40FE-8287-6510786F3C81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*",
              "matchCriteriaId": "17A0F02E-1EB1-4163-946B-705C44BAF32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*",
              "matchCriteriaId": "5EB34582-6FA8-4F68-AA84-CAA6B6E0C5BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*",
              "matchCriteriaId": "F4762BFC-9C50-4C81-A291-46030676910D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*",
              "matchCriteriaId": "52E8B909-DDEE-4360-A9A0-C44822257542",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*",
              "matchCriteriaId": "204C0EAC-B3B2-4784-9817-B33438E53663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "A273D433-B63F-4BF5-8831-428E8E083F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.2:*:*:*:*:*:*",
              "matchCriteriaId": "01F19980-C76C-412F-9EA7-08F71D947F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.3:*:*:*:*:*:*",
              "matchCriteriaId": "60E4BFC5-CF3C-480D-8EA7-CAC96060C406",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C456A948-C87A-4537-80A9-649BF593B3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.1:*:*:*:*:*:*",
              "matchCriteriaId": "8094CD70-C955-4E1C-A0D3-B9166E24AB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A499B3BF-7A08-4BB9-BA54-B16030F24E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.3:*:*:*:*:*:*",
              "matchCriteriaId": "3A3779FD-5E52-4CD4-AE0B-62E9B315AE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.4:*:*:*:*:*:*",
              "matchCriteriaId": "1912BFE3-060C-4C53-ACAB-1A2B04566872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*",
              "matchCriteriaId": "8051030A-B35F-483D-9D9F-40FE971C840F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.1:*:*:*:*:*:*",
              "matchCriteriaId": "0A90BFE2-578C-40E4-8A52-B8482E53B549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.2:*:*:*:*:*:*",
              "matchCriteriaId": "6935C831-2C4B-4E96-855A-F91C3FDE0749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.3:*:*:*:*:*:*",
              "matchCriteriaId": "59034A1D-ECE9-4A1A-ADC6-1FB37AE29D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.4:*:*:*:*:*:*",
              "matchCriteriaId": "814D1A05-F245-4AD1-8429-D7577F4F61BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.5:*:*:*:*:*:*",
              "matchCriteriaId": "585C2A45-5920-4556-89BF-570AB025FC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.6:*:*:*:*:*:*",
              "matchCriteriaId": "043CDD2F-4F0B-4DB3-BDCA-111D7A24C277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.7:*:*:*:*:*:*",
              "matchCriteriaId": "0DF6172F-CD88-4983-912C-116161FDDF62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98991F0-404C-499D-8BE7-07A628D318EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60B4BEB-8C1D-40F6-A63D-23F0CD6FA907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "502EC4B3-DDD9-40E5-BDF8-5F77B4B0709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44CFFD9-CD58-459A-A5CF-EF5DFAF9E09C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Emptoris Strategic Supply Management Platform y Emptoris Program Management 10.x en versiones anteriores a 10.0.1.4_iFix3, 10.0.2.x en versiones anteriores a 10.0.2.7_iFix1, 10.0.3.x en versiones anteriores a 10.0.3.2 y 10.0.4.x en versiones anteriores a 10.0.4.0_iFix1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios mediante una URL manipulada."
    }
  ],
  "id": "CVE-2015-4971",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-06T01:59:13.593",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-4939

Vulnerability from fkie_nvd - Published: 2015-10-06 01:59 - Updated: 2025-04-12 10:46
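Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the nvd@nist.gov metric in the record below)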
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
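Impacted products
Note: the rows below stop at 10.0.2.7, although the summary also names 10.0.3.x before 10.0.3.2 and 10.0.4.x before 10.0.4.0_iFix1 as affected, so matching installed versions against these CPE entries alone will not flag those releases. Strategic Supply Management is listed here even though the summary does not name it.
Vendor Product Version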
ibm emptoris_program_management 10.0.0.0
ibm emptoris_program_management 10.0.0.1
ibm emptoris_program_management 10.0.0.2
ibm emptoris_program_management 10.0.0.3
ibm emptoris_program_management 10.0.1.0
ibm emptoris_program_management 10.0.1.1
ibm emptoris_program_management 10.0.1.2
ibm emptoris_program_management 10.0.1.3
ibm emptoris_program_management 10.0.1.4
ibm emptoris_program_management 10.0.2.0
ibm emptoris_program_management 10.0.2.2
ibm emptoris_program_management 10.0.2.3
ibm emptoris_program_management 10.0.2.4
ibm emptoris_program_management 10.0.2.5
ibm emptoris_program_management 10.0.2.6
ibm emptoris_program_management 10.0.2.7
ibm emptoris_supplier_lifecycle_management 10.0.0.0
ibm emptoris_supplier_lifecycle_management 10.0.0.1
ibm emptoris_supplier_lifecycle_management 10.0.0.2
ibm emptoris_supplier_lifecycle_management 10.0.0.3
ibm emptoris_supplier_lifecycle_management 10.0.1.0
ibm emptoris_supplier_lifecycle_management 10.0.1.1
ibm emptoris_supplier_lifecycle_management 10.0.1.2
ibm emptoris_supplier_lifecycle_management 10.0.2.0
ibm emptoris_supplier_lifecycle_management 10.0.2.2
ibm emptoris_supplier_lifecycle_management 10.0.2.3
ibm emptoris_supplier_lifecycle_management 10.0.2.5
ibm emptoris_supplier_lifecycle_management 10.0.2.6
ibm emptoris_supplier_lifecycle_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60B4BEB-8C1D-40F6-A63D-23F0CD6FA907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "502EC4B3-DDD9-40E5-BDF8-5F77B4B0709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44CFFD9-CD58-459A-A5CF-EF5DFAF9E09C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Emptoris Supplier Lifecycle Management y Emptoris Program Management 10.x en versiones anteriores a 10.0.1.4_iFix3, 10.0.2.x en versiones anteriores a 10.0.2.7_iFix1, 10.0.3.x en versiones anteriores a 10.0.3.2 y 10.0.4.x en versiones anteriores a 10.0.4.0_iFix1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2015-4939",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-06T01:59:08.140",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-6212

Vulnerability from fkie_nvd - Published: 2015-01-10 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Impacted products
Vendor Product Version
ibm emptoris_sourcing_portfolio 9.5.0.0
ibm emptoris_sourcing_portfolio 9.5.0.1
ibm emptoris_sourcing_portfolio 9.5.0.2
ibm emptoris_sourcing_portfolio 9.5.1.0
ibm emptoris_sourcing_portfolio 9.5.1.1
ibm emptoris_sourcing_portfolio 9.5.1.2
ibm emptoris_sourcing_portfolio 9.5.1.3
ibm emptoris_sourcing_portfolio 10.0.0.0
ibm emptoris_sourcing_portfolio 10.0.0.1
ibm emptoris_sourcing_portfolio 10.0.1.0
ibm emptoris_sourcing_portfolio 10.0.1.1
ibm emptoris_sourcing_portfolio 10.0.1.2
ibm emptoris_sourcing_portfolio 10.0.1.3
ibm emptoris_sourcing_portfolio 10.0.2.0
ibm emptoris_sourcing_portfolio 10.0.2.2
ibm emptoris_sourcing_portfolio 10.0.2.3
ibm emptoris_sourcing_portfolio 10.0.2.4
ibm emptoris_program_management 10.0.0.0
ibm emptoris_program_management 10.0.0.1
ibm emptoris_program_management 10.0.0.2
ibm emptoris_program_management 10.0.0.3
ibm emptoris_program_management 10.0.1.0
ibm emptoris_program_management 10.0.1.1
ibm emptoris_program_management 10.0.1.2
ibm emptoris_program_management 10.0.1.3
ibm emptoris_program_management 10.0.1.4
ibm emptoris_program_management 10.0.2.0
ibm emptoris_program_management 10.0.2.1
ibm emptoris_program_management 10.0.2.2
ibm emptoris_program_management 10.0.2.3
ibm emptoris_program_management 10.0.2.4
ibm emptoris_contract_management 9.5.0.0
ibm emptoris_contract_management 9.5.0.1
ibm emptoris_contract_management 9.5.0.2
ibm emptoris_contract_management 9.5.0.3
ibm emptoris_contract_management 9.5.0.4
ibm emptoris_contract_management 9.5.0.5
ibm emptoris_contract_management 9.5.0.6
ibm emptoris_contract_management 10.0.0.0
ibm emptoris_contract_management 10.0.0.1
ibm emptoris_contract_management 10.0.1.0
ibm emptoris_contract_management 10.0.1.1
ibm emptoris_contract_management 10.0.1.2
ibm emptoris_contract_management 10.0.1.3
ibm emptoris_contract_management 10.0.1.4
ibm emptoris_contract_management 10.0.1.5
ibm emptoris_contract_management 10.0.2.0
ibm emptoris_contract_management 10.0.2.1
ibm emptoris_contract_management 10.0.2.2
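ibm emptoris strategic_supply_management (CPE update field: 10.0.0.0)
ibm emptoris strategic_supply_management (CPE update field: 10.0.0.1)
ibm emptoris strategic_supply_management (CPE update field: 10.0.0.2)
ibm emptoris strategic_supply_management (CPE update field: 10.0.0.3)
ibm emptoris strategic_supply_management (CPE update field: 10.0.1.0)
ibm emptoris strategic_supply_management (CPE update field: 10.0.1.1)
ibm emptoris strategic_supply_management (CPE update field: 10.0.1.2)
ibm emptoris strategic_supply_management (CPE update field: 10.0.1.3)
ibm emptoris strategic_supply_management (CPE update field: 10.0.1.4)
ibm emptoris strategic_supply_management (CPE update field: 10.0.2.0)
ibm emptoris strategic_supply_management (CPE update field: 10.0.2.1)
ibm emptoris strategic_supply_management (CPE update field: 10.0.2.2)
ibm emptoris strategic_supply_management (CPE update field: 10.0.2.3)
ibm emptoris strategic_supply_management (CPE update field: 10.0.2.4)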

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F09E04-62B4-4FC6-9A10-9D7ADAF60A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E5F066-9DB4-4E4C-B253-6C3FA0386849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CE689B-1C0B-47BF-811F-9B72165372BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CBC2237-25F5-4526-BB42-74D7CC5997E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98991F0-404C-499D-8BE7-07A628D318EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*",
              "matchCriteriaId": "204C0EAC-B3B2-4784-9817-B33438E53663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "A273D433-B63F-4BF5-8831-428E8E083F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.2:*:*:*:*:*:*",
              "matchCriteriaId": "01F19980-C76C-412F-9EA7-08F71D947F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.3:*:*:*:*:*:*",
              "matchCriteriaId": "60E4BFC5-CF3C-480D-8EA7-CAC96060C406",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C456A948-C87A-4537-80A9-649BF593B3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.1:*:*:*:*:*:*",
              "matchCriteriaId": "8094CD70-C955-4E1C-A0D3-B9166E24AB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A499B3BF-7A08-4BB9-BA54-B16030F24E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.3:*:*:*:*:*:*",
              "matchCriteriaId": "3A3779FD-5E52-4CD4-AE0B-62E9B315AE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.4:*:*:*:*:*:*",
              "matchCriteriaId": "1912BFE3-060C-4C53-ACAB-1A2B04566872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*",
              "matchCriteriaId": "8051030A-B35F-483D-9D9F-40FE971C840F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.1:*:*:*:*:*:*",
              "matchCriteriaId": "0A90BFE2-578C-40E4-8A52-B8482E53B549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.2:*:*:*:*:*:*",
              "matchCriteriaId": "6935C831-2C4B-4E96-855A-F91C3FDE0749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.3:*:*:*:*:*:*",
              "matchCriteriaId": "59034A1D-ECE9-4A1A-ADC6-1FB37AE29D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.4:*:*:*:*:*:*",
              "matchCriteriaId": "814D1A05-F245-4AD1-8429-D7577F4F61BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "La API Echo en IBM Emptoris Contract Management 9.5.x anterior a 9.5.0.6 iFix11, 10.0.0.x anterior a 10.0.0.1 iFix12, 10.0.1.x anterior a 10.0.1.5 iFix2, y 10.0.2.x anterior a 10.0.2.2 iFix5; Emptoris Sourcing 9.5 anterior a 9.5.1.3 iFix2, 10.0.0.x anterior a 10.0.0.1 iFix1, 10.0.1.x anterior a 10.0.1.3 iFix1, y 10.0.2.x anterior a 10.0.2.5; y Emptoris Program Management (tambi\u00e9n conocido como PGM) y Strategic Supply Management (tambi\u00e9n conocido como SSMP) 10.0.0.x anterior a 10.0.0.3 iFix6, 10.0.1.x anterior a 10.0.1.4 iFix1, y 10.0.2.x anterior a 10.0.2.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE)."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2014-6212",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-10T02:59:28.227",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-4939 (GCVE-0-2015-4939)

Vulnerability from cvelistv5 – Published: 2015-10-05 10:00 – Updated: 2024-08-06 06:32
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4939",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4971 (GCVE-0-2015-4971)

Vulnerability from cvelistv5 – Published: 2015-10-05 10:00 – Updated: 2024-08-06 06:32
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4971",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6212 (GCVE-0-2014-6212)

Vulnerability from cvelistv5 – Published: 2015-01-10 02:00 – Updated: 2024-08-06 12:10
Summary
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-emptoris-cve20146212-xxe(98689)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-emptoris-cve20146212-xxe(98689)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-emptoris-cve20146212-xxe(98689)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6212",
    "datePublished": "2015-01-10T02:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4939 (GCVE-0-2015-4939)

Vulnerability from nvd – Published: 2015-10-05 10:00 – Updated: 2024-08-06 06:32
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4939",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4971 (GCVE-0-2015-4971)

Vulnerability from nvd – Published: 2015-10-05 10:00 – Updated: 2024-08-06 06:32
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4971",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6212 (GCVE-0-2014-6212)

Vulnerability from nvd – Published: 2015-01-10 02:00 – Updated: 2024-08-06 12:10
Summary
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-emptoris-cve20146212-xxe(98689)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-emptoris-cve20146212-xxe(98689)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-emptoris-cve20146212-xxe(98689)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6212",
    "datePublished": "2015-01-10T02:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}