Search criteria
48 vulnerabilities found for emptoris_sourcing by ibm
FKIE_CVE-2020-4896
Vulnerability from fkie_nvd - Published: 2021-01-07 18:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190987 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6398284 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190987 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6398284 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_sourcing | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38D0D6F2-E0CE-4800-9317-F90E932B1075",
"versionEndExcluding": "10.1.0.38",
"versionStartIncluding": "10.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2780D368-76C8-4AB5-98F6-2DC37DB05B1A",
"versionEndExcluding": "10.1.1.35",
"versionStartIncluding": "10.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C05FC68-50A3-4088-8535-6FC7E6505CD3",
"versionEndExcluding": "10.1.3.30",
"versionStartIncluding": "10.1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing versiones 10.1.0, 10.1.1 y 10.1.3, es vulnerable al envenenamiento de la cach\u00e9 web, causado por una comprobaci\u00f3n inapropiada de entrada al modificar los encabezados de petici\u00f3n HTTP.\u0026#xa0;IBM X-Force ID: 190987"
}
],
"id": "CVE-2020-4896",
"lastModified": "2024-11-21T05:33:23.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-07T18:15:13.623",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398284"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4484
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164068 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164068 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda utilizarse en otros ataques contra el Sistema. ID de IBM X-Force: 164068."
}
],
"id": "CVE-2019-4484",
"lastModified": "2024-11-21T04:43:39.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:17.103",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4485
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164069 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164069 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda utilizarse en otros ataques contra el Sistema. ID de IBM X-Force: 164069."
}
],
"id": "CVE-2019-4485",
"lastModified": "2024-11-21T04:43:39.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:17.183",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4308
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/161034 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/161034 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n confidencial de los mensajes de error IBM X-Force ID: 161034."
}
],
"id": "CVE-2019-4308",
"lastModified": "2024-11-21T04:43:27.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:11.807",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-0329
Vulnerability from fkie_nvd - Published: 2018-02-02 21:29 - Updated: 2024-11-21 02:41
Severity ?
Summary
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21982629 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/111692 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21982629 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/111692 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE16866-9DA4-448F-9C02-B4A4576C5B89",
"versionEndIncluding": "10.1.0.0",
"versionStartIncluding": "10.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en IBM Emptoris Sourcing en versiones 10.0.0.x anteriores a 10.0.0.1_iFix3, 10.0.1.x anteriores a 10.0.1.3_iFix3, 10.0.2.x anteriores a 10.0.2.8_iFix1, 10.0.4.0 anteriores a 10.0.4.0_iFix8 y 10.1.0.0 anteriores a 10.1.0.0_iFix3 permite que los atacantes remotos redirijan a los usuarios a p\u00e1ginas web arbitrarias y realicen ataques de phishing mediante vectores no especificados. IBM X-Force ID: 111692."
}
],
"id": "CVE-2016-0329",
"lastModified": "2024-11-21T02:41:30.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-02T21:29:00.667",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1450
Vulnerability from fkie_nvd - Published: 2017-08-31 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128177 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128177 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.0.2 | |
| ibm | emptoris_sourcing | 9.5.1.0 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 | |
| ibm | emptoris_sourcing | 10.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94720238-F3C6-4E3B-AB0D-07A2E00316D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6371A5-AB51-4C52-9548-17572D4F8BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DF0AC4-2026-4A9D-9C7D-8C98E9116238",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 podr\u00eda permitir que un atacante remoto realice ataques de phishing mediante un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 128177."
}
],
"id": "CVE-2017-1450",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-31T14:29:00.383",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1447
Vulnerability from fkie_nvd - Published: 2017-08-31 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128172 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128172 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.0.2 | |
| ibm | emptoris_sourcing | 9.5.1.0 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 | |
| ibm | emptoris_sourcing | 10.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94720238-F3C6-4E3B-AB0D-07A2E00316D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6371A5-AB51-4C52-9548-17572D4F8BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DF0AC4-2026-4A9D-9C7D-8C98E9116238",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. Esto podr\u00eda desembocar en una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 128172."
}
],
"id": "CVE-2017-1447",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-31T14:29:00.307",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1449
Vulnerability from fkie_nvd - Published: 2017-08-31 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128174 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128174 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.0.2 | |
| ibm | emptoris_sourcing | 9.5.1.0 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 | |
| ibm | emptoris_sourcing | 10.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94720238-F3C6-4E3B-AB0D-07A2E00316D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6371A5-AB51-4C52-9548-17572D4F8BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DF0AC4-2026-4A9D-9C7D-8C98E9116238",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 podr\u00eda permitir que un atacante remoto realice ataques de phishing mediante un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 128174."
}
],
"id": "CVE-2017-1449",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-31T14:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1444
Vulnerability from fkie_nvd - Published: 2017-08-31 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128110 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg22005834 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128110 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.0.2 | |
| ibm | emptoris_sourcing | 9.5.1.0 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 | |
| ibm | emptoris_sourcing | 10.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94720238-F3C6-4E3B-AB0D-07A2E00316D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6371A5-AB51-4C52-9548-17572D4F8BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "14DF0AC4-2026-4A9D-9C7D-8C98E9116238",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. Esto podr\u00eda desembocar en una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 128110."
}
],
"id": "CVE-2017-1444",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-31T14:29:00.277",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8947
Vulnerability from fkie_nvd - Published: 2017-07-12 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005549 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99545 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118834 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005549 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99545 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118834 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834"
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing versi\u00f3n 9.5.x hasta 10.1.x, podr\u00eda permitir a un atacante remoto conducir ataques de phishing, usando un ataque de redireccionamiento abierto. Mediante la persuasi\u00f3n a una v\u00edctima para que visite un sitio web especialmente creado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para falsificar la URL desplegada y redireccionar a un usuario hacia un sitio web malicioso que parece ser de confianza. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente confidencial o conducir nuevos ataques contra la v\u00edctima. ID de IBM X-Force: 118834."
}
],
"id": "CVE-2016-8947",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T17:29:00.280",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99545"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8948
Vulnerability from fkie_nvd - Published: 2017-07-12 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005549 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99545 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118835 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005549 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99545 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118835 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing versi\u00f3n 9.5.x hasta 10.1.x, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, y en consecuencia, alterar la funcionalidad deseada que podr\u00eda conllevar a la revelaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 118835."
}
],
"id": "CVE-2016-8948",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T17:29:00.310",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99545"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8953
Vulnerability from fkie_nvd - Published: 2017-07-12 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005549 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99545 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118840 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005549 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99545 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118840 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_sourcing | 9.5 | |
| ibm | emptoris_sourcing | 9.5.0.1 | |
| ibm | emptoris_sourcing | 9.5.1.1 | |
| ibm | emptoris_sourcing | 9.5.1.2 | |
| ibm | emptoris_sourcing | 9.5.1.3 | |
| ibm | emptoris_sourcing | 10.0.0 | |
| ibm | emptoris_sourcing | 10.0.1 | |
| ibm | emptoris_sourcing | 10.0.2 | |
| ibm | emptoris_sourcing | 10.0.4 | |
| ibm | emptoris_sourcing | 10.1.0 | |
| ibm | emptoris_sourcing | 10.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A510872-DA85-4041-9D82-94FE64135F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "970BBAEB-9B4E-4E99-A1A6-DB1DEA30B3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8EEB27-C73B-403F-BD6C-012DA02614D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0C51A9-6ED2-43E1-A3AA-88B7EA4EC6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:9.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17BDB2B8-AC6D-4811-B889-F06345EABF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524A7263-139E-4A65-85FB-CF4EFD18740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "349341EF-A838-4642-A8E3-8BD3FDCD1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF61E42-8D4A-4A82-807D-A27E1E38F2BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54A28E28-899C-493A-AE8E-202CEE03881D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "811C5D4F-9A96-416A-84B6-EA3AEFE03173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E566623-639E-4A38-95A9-4A6951D31EF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing versi\u00f3n 9.5.x hasta 10.1.x, podr\u00eda permitir a un atacante remoto realizar ataques de phishing, usando un ataque de redireccionamiento abierto. Mediante la persuasi\u00f3n a una v\u00edctima para que visite un sitio web especialmente creado, un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para falsificar la URL desplegada y redireccionar a un usuario hacia un sitio web malicioso que parece ser de confianza. Esto podr\u00eda permitir al atacante obtener informaci\u00f3n altamente confidencial o conducir nuevos ataques contra la v\u00edctima. ID de IBM X-Force: 118840."
}
],
"id": "CVE-2016-8953",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T17:29:00.373",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99545"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-4896 (GCVE-0-2020-4896)
Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-16 16:18
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
10.1.0
Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2021-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/UI:N/C:L/S:U/A:N/AC:L/PR:N/AV:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:40:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ID": "CVE-2020-4896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398284",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4896",
"datePublished": "2021-01-07T17:40:29.367042Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:18:21.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4484 (GCVE-0-2019-4484)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4484",
"datePublished": "2019-08-20T18:25:27.063733Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:06.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4485 (GCVE-0-2019-4485)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4485",
"datePublished": "2019-08-20T18:25:27.111414Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:50:37.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4308 (GCVE-0-2019-4308)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4308",
"datePublished": "2019-08-20T18:25:26.552896Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:40:47.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0329 (GCVE-0-2016-0329)
Vulnerability from cvelistv5 – Published: 2018-02-02 21:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-emptoris-cve20160329-url-redirect(111692)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-emptoris-cve20160329-url-redirect(111692)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-emptoris-cve20160329-url-redirect(111692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0329",
"datePublished": "2018-02-02T21:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1450 (GCVE-0-2017-1450)
Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-17 03:02
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1450",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:02:45.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1449 (GCVE-0-2017-1449)
Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-17 00:56
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1449",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:56:05.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1447 (GCVE-0-2017-1447)
Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-16 22:21
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1447",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:21:10.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1444 (GCVE-0-2017-1444)
Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-17 02:46
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1444",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:46:42.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4896 (GCVE-0-2020-4896)
Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-16 16:18
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
10.1.0
Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2021-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:L/UI:N/C:L/S:U/A:N/AC:L/PR:N/AV:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:40:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ID": "CVE-2020-4896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398284",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/pages/node/6398284"
},
{
"name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4896",
"datePublished": "2021-01-07T17:40:29.367042Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:18:21.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4484 (GCVE-0-2019-4484)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4484",
"datePublished": "2019-08-20T18:25:27.063733Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:06.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4485 (GCVE-0-2019-4485)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4485",
"datePublished": "2019-08-20T18:25:27.111414Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:50:37.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4308 (GCVE-0-2019-4308)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4308",
"datePublished": "2019-08-20T18:25:26.552896Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:40:47.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0329 (GCVE-0-2016-0329)
Vulnerability from nvd – Published: 2018-02-02 21:00 – Updated: 2024-08-05 22:15
VLAI?
Summary
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-emptoris-cve20160329-url-redirect(111692)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T20:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-emptoris-cve20160329-url-redirect(111692)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-emptoris-cve20160329-url-redirect(111692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0329",
"datePublished": "2018-02-02T21:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1450 (GCVE-0-2017-1450)
Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-17 03:02
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1450",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T03:02:45.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1449 (GCVE-0-2017-1449)
Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-17 00:56
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1449",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:56:05.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1447 (GCVE-0-2017-1447)
Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-16 22:21
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1447",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:21:10.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1444 (GCVE-0-2017-1444)
Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-17 02:46
VLAI?
Summary
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
9.5
Affected: 10.0.0 Affected: 10.0.1 Affected: 10.0.2 Affected: 10.0.4 Affected: 10.1.0 Affected: 10.1.1 Affected: 10.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.5"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.0.2"
},
{
"status": "affected",
"version": "10.0.4"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2017-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T13:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-1444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1444",
"datePublished": "2017-08-31T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:46:42.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}