12 vulnerabilities found for emptoris_sourcing_portfolio by ibm

FKIE_CVE-2014-6212

Vulnerability from fkie_nvd - Published: 2015-01-10 02:59 - Updated: 2025-04-12 10:46
Summary
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Impacted products
Vendor Product Version
ibm emptoris_sourcing_portfolio 9.5.0.0
ibm emptoris_sourcing_portfolio 9.5.0.1
ibm emptoris_sourcing_portfolio 9.5.0.2
ibm emptoris_sourcing_portfolio 9.5.1.0
ibm emptoris_sourcing_portfolio 9.5.1.1
ibm emptoris_sourcing_portfolio 9.5.1.2
ibm emptoris_sourcing_portfolio 9.5.1.3
ibm emptoris_sourcing_portfolio 10.0.0.0
ibm emptoris_sourcing_portfolio 10.0.0.1
ibm emptoris_sourcing_portfolio 10.0.1.0
ibm emptoris_sourcing_portfolio 10.0.1.1
ibm emptoris_sourcing_portfolio 10.0.1.2
ibm emptoris_sourcing_portfolio 10.0.1.3
ibm emptoris_sourcing_portfolio 10.0.2.0
ibm emptoris_sourcing_portfolio 10.0.2.2
ibm emptoris_sourcing_portfolio 10.0.2.3
ibm emptoris_sourcing_portfolio 10.0.2.4
ibm emptoris_program_management 10.0.0.0
ibm emptoris_program_management 10.0.0.1
ibm emptoris_program_management 10.0.0.2
ibm emptoris_program_management 10.0.0.3
ibm emptoris_program_management 10.0.1.0
ibm emptoris_program_management 10.0.1.1
ibm emptoris_program_management 10.0.1.2
ibm emptoris_program_management 10.0.1.3
ibm emptoris_program_management 10.0.1.4
ibm emptoris_program_management 10.0.2.0
ibm emptoris_program_management 10.0.2.1
ibm emptoris_program_management 10.0.2.2
ibm emptoris_program_management 10.0.2.3
ibm emptoris_program_management 10.0.2.4
ibm emptoris_contract_management 9.5.0.0
ibm emptoris_contract_management 9.5.0.1
ibm emptoris_contract_management 9.5.0.2
ibm emptoris_contract_management 9.5.0.3
ibm emptoris_contract_management 9.5.0.4
ibm emptoris_contract_management 9.5.0.5
ibm emptoris_contract_management 9.5.0.6
ibm emptoris_contract_management 10.0.0.0
ibm emptoris_contract_management 10.0.0.1
ibm emptoris_contract_management 10.0.1.0
ibm emptoris_contract_management 10.0.1.1
ibm emptoris_contract_management 10.0.1.2
ibm emptoris_contract_management 10.0.1.3
ibm emptoris_contract_management 10.0.1.4
ibm emptoris_contract_management 10.0.1.5
ibm emptoris_contract_management 10.0.2.0
ibm emptoris_contract_management 10.0.2.1
ibm emptoris_contract_management 10.0.2.2
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management
ibm emptoris strategic_supply_management

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F09E04-62B4-4FC6-9A10-9D7ADAF60A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E5F066-9DB4-4E4C-B253-6C3FA0386849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CE689B-1C0B-47BF-811F-9B72165372BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CBC2237-25F5-4526-BB42-74D7CC5997E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98991F0-404C-499D-8BE7-07A628D318EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*",
              "matchCriteriaId": "204C0EAC-B3B2-4784-9817-B33438E53663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "A273D433-B63F-4BF5-8831-428E8E083F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.2:*:*:*:*:*:*",
              "matchCriteriaId": "01F19980-C76C-412F-9EA7-08F71D947F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.0.3:*:*:*:*:*:*",
              "matchCriteriaId": "60E4BFC5-CF3C-480D-8EA7-CAC96060C406",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "C456A948-C87A-4537-80A9-649BF593B3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.1:*:*:*:*:*:*",
              "matchCriteriaId": "8094CD70-C955-4E1C-A0D3-B9166E24AB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A499B3BF-7A08-4BB9-BA54-B16030F24E4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.3:*:*:*:*:*:*",
              "matchCriteriaId": "3A3779FD-5E52-4CD4-AE0B-62E9B315AE1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.1.4:*:*:*:*:*:*",
              "matchCriteriaId": "1912BFE3-060C-4C53-ACAB-1A2B04566872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*",
              "matchCriteriaId": "8051030A-B35F-483D-9D9F-40FE971C840F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.1:*:*:*:*:*:*",
              "matchCriteriaId": "0A90BFE2-578C-40E4-8A52-B8482E53B549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.2:*:*:*:*:*:*",
              "matchCriteriaId": "6935C831-2C4B-4E96-855A-F91C3FDE0749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.3:*:*:*:*:*:*",
              "matchCriteriaId": "59034A1D-ECE9-4A1A-ADC6-1FB37AE29D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris:strategic_supply_management:10.0.2.4:*:*:*:*:*:*",
              "matchCriteriaId": "814D1A05-F245-4AD1-8429-D7577F4F61BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "La API Echo en IBM Emptoris Contract Management 9.5.x anterior a 9.5.0.6 iFix11, 10.0.0.x anterior a 10.0.0.1 iFix12, 10.0.1.x anterior a 10.0.1.5 iFix2, y 10.0.2.x anterior a 10.0.2.2 iFix5; Emptoris Sourcing 9.5 anterior a 9.5.1.3 iFix2, 10.0.0.x anterior a 10.0.0.1 iFix1, 10.0.1.x anterior a 10.0.1.3 iFix1, y 10.0.2.x anterior a 10.0.2.5; y Emptoris Program Management (tambi\u00e9n conocido como PGM) y Strategic Supply Management (tambi\u00e9n conocido como SSMP) 10.0.0.x anterior a 10.0.0.3 iFix6, 10.0.1.x anterior a 10.0.1.4 iFix1, y 10.0.2.x anterior a 10.0.2.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de una declaraci\u00f3n de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE)."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\" target=\"_blank\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2014-6212",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-10T02:59:28.227",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3033

Vulnerability from fkie_nvd - Published: 2014-08-26 10:55 - Updated: 2025-04-12 10:46

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Emptoris Sourcing Portfolio 9.5.x anterior a 9.5.1.3, 10.0.0.x anterior a 10.0.0.1, 10.0.1.x anterior a 10.0.1.3, y 10.0.2.x anterior a 10.0.2.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2014-3033",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-26T10:55:04.137",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60481"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-3040

Vulnerability from fkie_nvd - Published: 2014-08-26 10:55 - Updated: 2025-04-12 10:46
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Impacted products
Vendor Product Version
ibm emptoris_spend_analysis 9.5.0.0
ibm emptoris_spend_analysis 9.5.0.1
ibm emptoris_spend_analysis 9.5.0.2
ibm emptoris_spend_analysis 9.5.0.3
ibm emptoris_spend_analysis 10.0.0.0
ibm emptoris_spend_analysis 10.0.0.1
ibm emptoris_spend_analysis 10.0.1.0
ibm emptoris_spend_analysis 10.0.1.1
ibm emptoris_spend_analysis 10.0.1.2
ibm emptoris_spend_analysis 10.0.2.0
ibm emptoris_spend_analysis 10.0.2.2
ibm emptoris_sourcing_portfolio 9.5.0.0
ibm emptoris_sourcing_portfolio 9.5.0.1
ibm emptoris_sourcing_portfolio 9.5.0.2
ibm emptoris_sourcing_portfolio 9.5.1.0
ibm emptoris_sourcing_portfolio 9.5.1.1
ibm emptoris_sourcing_portfolio 9.5.1.2
ibm emptoris_sourcing_portfolio 10.0.0.0
ibm emptoris_sourcing_portfolio 10.0.1.0
ibm emptoris_sourcing_portfolio 10.0.1.1
ibm emptoris_sourcing_portfolio 10.0.1.2
ibm emptoris_sourcing_portfolio 10.0.2.0
ibm emptoris_sourcing_portfolio 10.0.2.2
ibm emptoris_sourcing_portfolio 10.0.2.3
ibm emptoris_contract_management 9.5.0.0
ibm emptoris_contract_management 9.5.0.1
ibm emptoris_contract_management 9.5.0.2
ibm emptoris_contract_management 9.5.0.3
ibm emptoris_contract_management 9.5.0.4
ibm emptoris_contract_management 9.5.0.5
ibm emptoris_contract_management 9.5.0.6
ibm emptoris_contract_management 10.0.0.0
ibm emptoris_contract_management 10.0.0.1
ibm emptoris_contract_management 10.0.1.0
ibm emptoris_contract_management 10.0.1.1
ibm emptoris_contract_management 10.0.1.2
ibm emptoris_contract_management 10.0.1.3
ibm emptoris_contract_management 10.0.1.5
ibm emptoris_contract_management 10.0.2.0
ibm emptoris_contract_management 10.0.2.1
ibm emptoris_contract_management 10.0.2.2

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1173E8F6-A85E-452C-9B36-89427D57DDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD21D4C5-5180-4AE0-A11F-009A6CF1EFA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC42DEB-FA8D-42C4-ACDC-0A5036939B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122AF0-070A-41EE-980C-C55BF1A7995F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "117DE7FF-B360-4289-A576-5C0868C71ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF90C02-38E5-4994-9360-867121A796C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "501E457B-084A-4E3B-981A-01B19B28B0B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F1BCFD-6DCD-4427-AC89-638588878713",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C2FD0BD-DFFF-4512-A290-EACBC82EFB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "251FE42A-D7C2-415A-8356-F0B1A141147A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A975908E-A3C9-4F2C-AE37-66F6F54239DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en IBM Emptoris Contract Management 9.5.x anterior a 9.5.0.6 iFix 10, 10.0.0.x anterior a 10.0.0.1 iFix 10, 10.0.1.x anterior a 10.0.1.4, y 10.0.2.x anterior a 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x anterior a 9.5.1.3, 10.0.0.x anterior a 10.0.0.1, 10.0.1.x anterior a 10.0.1.3, y 10.0.2.x anterior a 10.0.2.4; y Emptoris Spend Analysis 9.5.x anterior a 9.5.0.4, 10.0.1.x anterior a 10.0.1.3, y 10.0.2.x anterior a 10.0.2.4 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."
    }
  ],
  "id": "CVE-2014-3040",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-26T10:55:04.183",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60479"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60480"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60481"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-4790

Vulnerability from fkie_nvd - Published: 2014-08-26 10:55 - Updated: 2025-04-12 10:46
Summary
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1173E8F6-A85E-452C-9B36-89427D57DDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD21D4C5-5180-4AE0-A11F-009A6CF1EFA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC42DEB-FA8D-42C4-ACDC-0A5036939B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122AF0-070A-41EE-980C-C55BF1A7995F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "501E457B-084A-4E3B-981A-01B19B28B0B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F1BCFD-6DCD-4427-AC89-638588878713",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C2FD0BD-DFFF-4512-A290-EACBC82EFB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "251FE42A-D7C2-415A-8356-F0B1A141147A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A975908E-A3C9-4F2C-AE37-66F6F54239DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "516752F7-FBA1-4A6B-9BFB-B266024AEBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C6D86CF-6DCD-4B23-AA59-77780D9F141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE02CB-CD39-4A88-8F9E-AFCDFBB9025F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9AE268C-C2B0-4FC6-BC81-E1A34F95709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81CAB980-749B-4573-8C2E-A3C4E1313CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4F224-F077-4C59-B76E-76A41F829B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67AA9E6-8E05-4EA6-99ED-51C7F5D11501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E34A7ACD-EF0D-4333-A3A0-8CE4CB132FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820700D-1124-4BF3-ABF5-AD6271D2480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BC7A60-CF57-48BA-BDAF-C995E1FFF30F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7389-8FF9-4E94-BD94-9685E6AADAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "162FE448-69CA-45B7-A902-A5F3A9966D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C9636B-D48A-4836-9679-A6E197FB35CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Sourcing Portfolio 9.5.x en versiones anteriores a 9.5.1.3, 10.0.0.x en versiones anteriores a 10.0.0.1, 10.0.1.x en versiones anteriores a 10.0.1.3 y 10.0.2.x en versiones anteriores a 10.0.2.4 y Emptoris Spend Analysis 9.5.x en versiones anteriores a 9.5.0.4, 10.0.1.x en versiones anteriores a 10.0.1.3 y 10.0.2.x en versiones anteriores a10.0.2.4 no restringe adecuadamente el uso de elementos FRAME lo que permite a usuarios remotos autenticados llevar a cabo ataques de phishing y eludir las restricciones destinadas al acceso u obtener informaci\u00f3n sensible, a trav\u00e9s de un sitio web manipulado, relacionado con un problema de \"inyecci\u00f3n de frame\"."
    }
  ],
  "id": "CVE-2014-4790",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-26T10:55:04.607",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60480"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60481"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-6212 (GCVE-0-2014-6212)

Vulnerability from cvelistv5 – Published: 2015-01-10 02:00 – Updated: 2024-08-06 12:10
Summary
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-emptoris-cve20146212-xxe(98689)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-emptoris-cve20146212-xxe(98689)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-emptoris-cve20146212-xxe(98689)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6212",
    "datePublished": "2015-01-10T02:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3033 (GCVE-0-2014-3033)

Vulnerability from cvelistv5 – Published: 2014-08-26 10:00 – Updated: 2024-08-06 10:28
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-emptoris-cve20143033-xss(93192)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
          },
          {
            "name": "60481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-emptoris-cve20143033-xss(93192)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
        },
        {
          "name": "60481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-emptoris-cve20143033-xss(93192)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
            },
            {
              "name": "60481",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60481"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3033",
    "datePublished": "2014-08-26T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3040 (GCVE-0-2014-3040)

Vulnerability from cvelistv5 – Published: 2014-08-26 10:00 – Updated: 2024-08-06 10:28
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/60480 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60479 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://secunia.com/advisories/60481 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60480"
          },
          {
            "name": "60479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60479"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
          },
          {
            "name": "60481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
          },
          {
            "name": "ibm-emptoris-cve20143040-csrf(93306)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "60480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60480"
        },
        {
          "name": "60479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60479"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
        },
        {
          "name": "60481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
        },
        {
          "name": "ibm-emptoris-cve20143040-csrf(93306)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60480"
            },
            {
              "name": "60479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60479"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
            },
            {
              "name": "60481",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60481"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
            },
            {
              "name": "ibm-emptoris-cve20143040-csrf(93306)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3040",
    "datePublished": "2014-08-26T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4790 (GCVE-0-2014-4790)

Vulnerability from cvelistv5 – Published: 2014-08-26 10:00 – Updated: 2024-08-06 11:27
Summary
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
          },
          {
            "name": "ibm-emportis-cve20144790-phishing(93195)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
          },
          {
            "name": "60481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "60480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
        },
        {
          "name": "ibm-emportis-cve20144790-phishing(93195)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
        },
        {
          "name": "60481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60480"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
            },
            {
              "name": "ibm-emportis-cve20144790-phishing(93195)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
            },
            {
              "name": "60481",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60481"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4790",
    "datePublished": "2014-08-26T10:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6212 (GCVE-0-2014-6212)

Vulnerability from nvd – Published: 2015-01-10 02:00 – Updated: 2024-08-06 12:10
Summary
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-emptoris-cve20146212-xxe(98689)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-emptoris-cve20146212-xxe(98689)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x before 10.0.2.5; and Emptoris Program Management (aka PGM) and Strategic Supply Management (aka SSMP) 10.0.0.x before 10.0.0.3 iFix6, 10.0.1.x before 10.0.1.4 iFix1, and 10.0.2.x before 10.0.2.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-emptoris-cve20146212-xxe(98689)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98689"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693069"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6212",
    "datePublished": "2015-01-10T02:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3033 (GCVE-0-2014-3033)

Vulnerability from nvd – Published: 2014-08-26 10:00 – Updated: 2024-08-06 10:28
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-emptoris-cve20143033-xss(93192)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
          },
          {
            "name": "60481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-emptoris-cve20143033-xss(93192)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
        },
        {
          "name": "60481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-emptoris-cve20143033-xss(93192)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93192"
            },
            {
              "name": "60481",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60481"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3033",
    "datePublished": "2014-08-26T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3040 (GCVE-0-2014-3040)

Vulnerability from nvd – Published: 2014-08-26 10:00 – Updated: 2024-08-06 10:28
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/60480 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/60479 third-party-advisory x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://secunia.com/advisories/60481 third-party-advisory x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg… x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60480"
          },
          {
            "name": "60479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60479"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
          },
          {
            "name": "60481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
          },
          {
            "name": "ibm-emptoris-cve20143040-csrf(93306)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "60480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60480"
        },
        {
          "name": "60479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60479"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
        },
        {
          "name": "60481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
        },
        {
          "name": "ibm-emptoris-cve20143040-csrf(93306)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60480"
            },
            {
              "name": "60479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60479"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
            },
            {
              "name": "60481",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60481"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
            },
            {
              "name": "ibm-emptoris-cve20143040-csrf(93306)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3040",
    "datePublished": "2014-08-26T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4790 (GCVE-0-2014-4790)

Vulnerability from nvd – Published: 2014-08-26 10:00 – Updated: 2024-08-06 11:27
Summary
IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
          },
          {
            "name": "ibm-emportis-cve20144790-phishing(93195)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
          },
          {
            "name": "60481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60481"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "60480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
        },
        {
          "name": "ibm-emportis-cve20144790-phishing(93195)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
        },
        {
          "name": "60481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60481"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a \"frame injection\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60480"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681277"
            },
            {
              "name": "ibm-emportis-cve20144790-phishing(93195)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93195"
            },
            {
              "name": "60481",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60481"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4790",
    "datePublished": "2014-08-26T10:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}