
45 vulnerabilities found for emptoris_strategic_supply_management by ibm

FKIE_CVE-2020-4895

Vulnerability from fkie_nvd - Published: 2021-01-07 18:15 - Updated: 2024-11-21 05:33
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B46D6F5-EEDA-4264-A443-02D1DC57428C",
              "versionEndExcluding": "10.1.0.38",
              "versionStartIncluding": "10.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0CEF3D-C43D-4D5C-B8CB-6AB9622A0D17",
              "versionEndExcluding": "10.1.1.35",
              "versionStartIncluding": "10.1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20071E73-5BF3-46B7-B880-28DE74332CE6",
              "versionEndExcluding": "10.1.3.30",
              "versionStartIncluding": "10.1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management versiones 10.1.0, 10.1.1 y 10.1.3, es vulnerable a un ataque de tipo cross-site scripting almacenada. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 190986"
    }
  ],
  "id": "CVE-2020-4895",
  "lastModified": "2024-11-21T05:33:23.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-07T18:15:13.527",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398286"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-4893

Vulnerability from fkie_nvd - Published: 2021-01-07 18:15 - Updated: 2024-11-21 05:33
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man-in-the-middle methods. IBM X-Force ID: 190984.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B46D6F5-EEDA-4264-A443-02D1DC57428C",
              "versionEndExcluding": "10.1.0.38",
              "versionStartIncluding": "10.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0CEF3D-C43D-4D5C-B8CB-6AB9622A0D17",
              "versionEndExcluding": "10.1.1.35",
              "versionStartIncluding": "10.1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20071E73-5BF3-46B7-B880-28DE74332CE6",
              "versionEndExcluding": "10.1.3.30",
              "versionStartIncluding": "10.1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management versiones 10.1.0, 10.1.1 y 10.1.3, transmite informaci\u00f3n confidencial en los par\u00e1metros de petici\u00f3n HTTP GET. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n por medio de m\u00e9todos man in the middle. IBM X-Force ID: 190984"
    }
  ],
  "id": "CVE-2020-4893",
  "lastModified": "2024-11-21T05:33:23.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-07T18:15:13.403",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398282"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2020-4898

Vulnerability from fkie_nvd - Published: 2021-01-07 18:15 - Updated: 2024-11-21 05:33
Summary
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management * (from 10.1.3.0 up to, but excluding, 10.1.3.30)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20071E73-5BF3-46B7-B880-28DE74332CE6",
              "versionEndExcluding": "10.1.3.30",
              "versionStartIncluding": "10.1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management versi\u00f3n 10.1.3, utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. IBM X-Force ID: 190989"
    }
  ],
  "id": "CVE-2020-4898",
  "lastModified": "2024-11-21T05:33:23.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-07T18:15:13.777",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6398278"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1097

Vulnerability from fkie_nvd - Published: 2017-09-05 21:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.2.16
ibm emptoris_strategic_supply_management 10.0.2.17
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.0.11
ibm emptoris_strategic_supply_management 10.1.0.12
ibm emptoris_strategic_supply_management 10.1.0.13
ibm emptoris_strategic_supply_management 10.1.0.14
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8
ibm emptoris_strategic_supply_management 10.1.1.9
ibm emptoris_strategic_supply_management 10.1.1.10
ibm emptoris_strategic_supply_management 10.1.1.11
ibm emptoris_strategic_supply_management 10.1.1.12

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99149B8-DF80-422F-9D16-8DB578B86A64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "79298E57-F042-4ED7-8AE1-01A1845F5E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DF0D70-78DF-4A3B-9754-D8C46A969FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1302AB01-B4F1-4369-80A9-A5F12A41931C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "247F1C68-BA05-4C44-BA0F-A5BC27106CF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management Platform en versiones de las 10.0.0.x hasta las 10.1.1.x es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podr\u00eda permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web conf\u00eda. IBM X-Force ID: 120657."
    }
  ],
  "id": "CVE-2017-1097",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-05T21:29:00.220",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1190

Vulnerability from fkie_nvd - Published: 2017-08-14 22:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.x y 10.1 podr\u00eda permitir que un usuario local con roles de acceso especiales ejecute c\u00f3digo arbitrario en el sistema. Mediante la manipulaci\u00f3n de una propiedad configurable, un atacante podr\u00eda explotar esta vulnerabilidad para obtener el control total del sistema. IBM X-Force ID: 123559."
    }
  ],
  "id": "CVE-2017-1190",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-14T22:29:00.313",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6021

Vulnerability from fkie_nvd - Published: 2017-08-14 22:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.0 y 10.1 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. Esto podr\u00eda desembocar en una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 116755."
    }
  ],
  "id": "CVE-2016-6021",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-14T22:29:00.203",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6029

Vulnerability from fkie_nvd - Published: 2017-08-14 22:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information because HTTP Strict Transport Security (HSTS) is not properly enabled. Without HSTS, browsers are not told to refuse plain-HTTP connections to the site, so an attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 116881.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Strategic Supply Management Platform 10.0 y 10.1 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible, debido a que no se habilita correctamente HTTP Strict Transport Security. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sensible empleando t\u00e9cnicas Man-in-the-Middle (MitM). IBM X-Force ID: 116881."
    }
  ],
  "id": "CVE-2016-6029",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-14T22:29:00.267",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-6121

Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.2.16
ibm emptoris_strategic_supply_management 10.0.2.17
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.0.11
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8
ibm emptoris_strategic_supply_management 10.1.1.9
ibm emptoris_strategic_supply_management 10.1.1.10
ibm emptoris_supplier_lifecycle_management 10.0.0.0
ibm emptoris_supplier_lifecycle_management 10.0.0.1
ibm emptoris_supplier_lifecycle_management 10.0.0.2
ibm emptoris_supplier_lifecycle_management 10.0.0.3
ibm emptoris_supplier_lifecycle_management 10.0.1.0
ibm emptoris_supplier_lifecycle_management 10.0.1.1
ibm emptoris_supplier_lifecycle_management 10.0.1.2
ibm emptoris_supplier_lifecycle_management 10.0.2.0
ibm emptoris_supplier_lifecycle_management 10.0.2.2
ibm emptoris_supplier_lifecycle_management 10.0.2.3
ibm emptoris_supplier_lifecycle_management 10.0.2.5
ibm emptoris_supplier_lifecycle_management 10.0.2.6
ibm emptoris_supplier_lifecycle_management 10.0.2.7

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x y 10.1.x es vulnerable a un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando las funcionalidades planeadas. Esto podr\u00eda desembocar en una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 118383."
    }
  ],
  "id": "CVE-2016-6121",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-09T18:29:01.387",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100222"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-8949

Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.2.16
ibm emptoris_strategic_supply_management 10.0.2.17
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.0.11
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8
ibm emptoris_strategic_supply_management 10.1.1.9
ibm emptoris_strategic_supply_management 10.1.1.10
ibm emptoris_supplier_lifecycle_management 10.0.0.0
ibm emptoris_supplier_lifecycle_management 10.0.0.1
ibm emptoris_supplier_lifecycle_management 10.0.0.2
ibm emptoris_supplier_lifecycle_management 10.0.0.3
ibm emptoris_supplier_lifecycle_management 10.0.1.0
ibm emptoris_supplier_lifecycle_management 10.0.1.1
ibm emptoris_supplier_lifecycle_management 10.0.1.2
ibm emptoris_supplier_lifecycle_management 10.0.2.0
ibm emptoris_supplier_lifecycle_management 10.0.2.2
ibm emptoris_supplier_lifecycle_management 10.0.2.3
ibm emptoris_supplier_lifecycle_management 10.0.2.5
ibm emptoris_supplier_lifecycle_management 10.0.2.6
ibm emptoris_supplier_lifecycle_management 10.0.2.7

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Supplier Lifecycle Management en versiones 10.0.x y 10.1.x podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 118836."
    }
  ],
  "id": "CVE-2016-8949",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-09T18:29:01.417",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100222"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1448

Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x contains an open redirect that could allow a remote attacker to conduct phishing attacks. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the displayed URL and redirect the user to a malicious Web site that appears to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173. Note that although this description names only Supplier Lifecycle Management, the impacted-products list below also includes emptoris_strategic_supply_management versions, so both products should be checked when assessing exposure.
Impacted products
Vendor Product Version
ibm emptoris_strategic_supply_management 10.0.0.0
ibm emptoris_strategic_supply_management 10.0.0.1
ibm emptoris_strategic_supply_management 10.0.0.2
ibm emptoris_strategic_supply_management 10.0.0.3
ibm emptoris_strategic_supply_management 10.0.1.0
ibm emptoris_strategic_supply_management 10.0.1.1
ibm emptoris_strategic_supply_management 10.0.1.2
ibm emptoris_strategic_supply_management 10.0.1.3
ibm emptoris_strategic_supply_management 10.0.1.4
ibm emptoris_strategic_supply_management 10.0.2.0
ibm emptoris_strategic_supply_management 10.0.2.1
ibm emptoris_strategic_supply_management 10.0.2.2
ibm emptoris_strategic_supply_management 10.0.2.3
ibm emptoris_strategic_supply_management 10.0.2.4
ibm emptoris_strategic_supply_management 10.0.2.5
ibm emptoris_strategic_supply_management 10.0.2.6
ibm emptoris_strategic_supply_management 10.0.2.7
ibm emptoris_strategic_supply_management 10.0.2.8
ibm emptoris_strategic_supply_management 10.0.2.9
ibm emptoris_strategic_supply_management 10.0.2.10
ibm emptoris_strategic_supply_management 10.0.2.11
ibm emptoris_strategic_supply_management 10.0.2.12
ibm emptoris_strategic_supply_management 10.0.2.13
ibm emptoris_strategic_supply_management 10.0.2.14
ibm emptoris_strategic_supply_management 10.0.2.15
ibm emptoris_strategic_supply_management 10.0.2.16
ibm emptoris_strategic_supply_management 10.0.2.17
ibm emptoris_strategic_supply_management 10.0.4.0
ibm emptoris_strategic_supply_management 10.1.0.0
ibm emptoris_strategic_supply_management 10.1.0.1
ibm emptoris_strategic_supply_management 10.1.0.2
ibm emptoris_strategic_supply_management 10.1.0.3
ibm emptoris_strategic_supply_management 10.1.0.4
ibm emptoris_strategic_supply_management 10.1.0.5
ibm emptoris_strategic_supply_management 10.1.0.6
ibm emptoris_strategic_supply_management 10.1.0.7
ibm emptoris_strategic_supply_management 10.1.0.8
ibm emptoris_strategic_supply_management 10.1.0.9
ibm emptoris_strategic_supply_management 10.1.0.10
ibm emptoris_strategic_supply_management 10.1.0.11
ibm emptoris_strategic_supply_management 10.1.1.0
ibm emptoris_strategic_supply_management 10.1.1.1
ibm emptoris_strategic_supply_management 10.1.1.2
ibm emptoris_strategic_supply_management 10.1.1.3
ibm emptoris_strategic_supply_management 10.1.1.4
ibm emptoris_strategic_supply_management 10.1.1.5
ibm emptoris_strategic_supply_management 10.1.1.6
ibm emptoris_strategic_supply_management 10.1.1.7
ibm emptoris_strategic_supply_management 10.1.1.8
ibm emptoris_strategic_supply_management 10.1.1.9
ibm emptoris_strategic_supply_management 10.1.1.10
ibm emptoris_supplier_lifecycle_management 10.0.0.0
ibm emptoris_supplier_lifecycle_management 10.0.0.1
ibm emptoris_supplier_lifecycle_management 10.0.0.2
ibm emptoris_supplier_lifecycle_management 10.0.0.3
ibm emptoris_supplier_lifecycle_management 10.0.1.0
ibm emptoris_supplier_lifecycle_management 10.0.1.1
ibm emptoris_supplier_lifecycle_management 10.0.1.2
ibm emptoris_supplier_lifecycle_management 10.0.2.0
ibm emptoris_supplier_lifecycle_management 10.0.2.2
ibm emptoris_supplier_lifecycle_management 10.0.2.3
ibm emptoris_supplier_lifecycle_management 10.0.2.5
ibm emptoris_supplier_lifecycle_management 10.0.2.6
ibm emptoris_supplier_lifecycle_management 10.0.2.7

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
    },
    {
      "lang": "es",
      "value": "IBM Emptoris Supplier Lifecycle Management en sus versiones 10.0.x y 10.1.x podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 128173."
    }
  ],
  "id": "CVE-2017-1448",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-09T18:29:01.527",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100222"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-4898 (GCVE-0-2020-4898)

Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-16 17:59
Summary
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
CWE
  • Obtain Information
Assigner
ibm

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398278"
          },
          {
            "name": "ibm-emptoris-cve20204898-info-disc (190989)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2021-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/A:N/AC:H/C:H/S:U/UI:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:40:30",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398278"
        },
        {
          "name": "ibm-emptoris-cve20204898-info-disc (190989)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-06T00:00:00",
          "ID": "CVE-2020-4898",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398278",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)",
              "url": "https://www.ibm.com/support/pages/node/6398278"
            },
            {
              "name": "ibm-emptoris-cve20204898-info-disc (190989)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4898",
    "datePublished": "2021-01-07T17:40:30.652729Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T17:59:46.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4893 (GCVE-0-2020-4893)

Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-16 22:36
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.
CWE
  • Obtain Information
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.1.0
Affected: 10.1.1
Affected: 10.1.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398282"
          },
          {
            "name": "ibm-emptoris-cve20204893-info-disc (190984)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0"
            },
            {
              "status": "affected",
              "version": "10.1.1"
            },
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2021-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/S:U/C:H/UI:N/AV:N/A:N/PR:N/AC:H/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:40:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398282"
        },
        {
          "name": "ibm-emptoris-cve20204893-info-disc (190984)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-06T00:00:00",
          "ID": "CVE-2020-4893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0"
                          },
                          {
                            "version_value": "10.1.1"
                          },
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398282",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)",
              "url": "https://www.ibm.com/support/pages/node/6398282"
            },
            {
              "name": "ibm-emptoris-cve20204893-info-disc (190984)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4893",
    "datePublished": "2021-01-07T17:40:28.080707Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T22:36:16.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4895 (GCVE-0-2020-4895)

Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-17 01:00
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.
CWE
  • Cross-Site Scripting
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Emptoris Sourcing Affected: 10.1.0
Affected: 10.1.1
Affected: 10.1.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398286"
          },
          {
            "name": "ibm-emptoris-cve20204895-xss (190986)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Sourcing",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0"
            },
            {
              "status": "affected",
              "version": "10.1.1"
            },
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2021-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/C:L/S:C/AV:N/A:N/AC:L/PR:L/I:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:40:28",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398286"
        },
        {
          "name": "ibm-emptoris-cve20204895-xss (190986)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-06T00:00:00",
          "ID": "CVE-2020-4895",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Sourcing",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0"
                          },
                          {
                            "version_value": "10.1.1"
                          },
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398286",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398286 (Emptoris Sourcing)",
              "url": "https://www.ibm.com/support/pages/node/6398286"
            },
            {
              "name": "ibm-emptoris-cve20204895-xss (190986)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4895",
    "datePublished": "2021-01-07T17:40:28.748680Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:00:43.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1097 (GCVE-0-2017-1097)

Vulnerability from cvelistv5 – Published: 2017-09-05 21:00 – Updated: 2024-09-16 16:28
Summary
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.0.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-05T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-1097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006963",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1097",
    "datePublished": "2017-09-05T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:28:01.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6029 (GCVE-0-2016-6029)

Vulnerability from cvelistv5 – Published: 2017-08-14 22:00 – Updated: 2024-09-16 22:56
Summary
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881.
Severity ?
No CVSS data available.
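CWE
  • Cross-Site Scripting (the CNA's free-text problem type, not a CWE ID; the summary above describes a failure to enable HTTP Strict Transport Security, so this label does not match the described weakness)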
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.0.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-14T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-6029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006799",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6029",
    "datePublished": "2017-08-14T22:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-16T22:56:01.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1190 (GCVE-0-2017-1190)

Vulnerability from cvelistv5 – Published: 2017-08-14 22:00 – Updated: 2024-09-16 19:41
Summary
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
Severity ?
No CVSS data available.
CWE
  • Gain Privileges
Assigner
ibm
Impacted products
Vendor: IBM
Product: Emptoris Strategic Supply Management
Affected versions: 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.4.0, 10.1.0.0, 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-14T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2017-1190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006799",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1190",
    "datePublished": "2017-08-14T22:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:41:49.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6021 (GCVE-0-2016-6021)

Vulnerability from cvelistv5 – Published: 2017-08-14 22:00 – Updated: 2024-09-16 20:57
Summary
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor: IBM
Product: Emptoris Strategic Supply Management
Affected versions: 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.4.0, 10.1.0.0, 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.743Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-14T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-6021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006799",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6021",
    "datePublished": "2017-08-14T22:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-16T20:57:21.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6121 (GCVE-0-2016-6121)

Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 20:36
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor: IBM
Product: Emptoris Supplier Lifecycle Management
Affected versions: 10.1.0.0, 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.4.0, 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
          },
          {
            "name": "100222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Supplier Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
        },
        {
          "name": "100222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-6121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Supplier Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
            },
            {
              "name": "100222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6121",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-16T20:36:49.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1448 (GCVE-0-2017-1448)

Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 19:51
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
Impacted products
Vendor: IBM
Product: Emptoris Supplier Lifecycle Management
Affected versions: 10.1.0.0, 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.4.0, 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:30.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
          },
          {
            "name": "100222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Supplier Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
        },
        {
          "name": "100222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2017-1448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Supplier Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
            },
            {
              "name": "100222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1448",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:51:54.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8949 (GCVE-0-2016-8949)

Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 16:18
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
Impacted products
Vendor: IBM
Product: Emptoris Supplier Lifecycle Management
Affected versions: 10.1.0.0, 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.4.0, 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:02.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
          },
          {
            "name": "100222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Supplier Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
        },
        {
          "name": "100222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-8949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Supplier Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
            },
            {
              "name": "100222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-8949",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-10-25T00:00:00",
    "dateUpdated": "2024-09-16T16:18:53.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4898 (GCVE-0-2020-4898)

Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-16 17:59
Summary
IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.
CWE
  • Obtain Information
Assigner
ibm
References
Impacted products

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398278"
          },
          {
            "name": "ibm-emptoris-cve20204898-info-disc (190989)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2021-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/AV:N/PR:N/A:N/AC:H/C:H/S:U/UI:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:40:30",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398278"
        },
        {
          "name": "ibm-emptoris-cve20204898-info-disc (190989)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-06T00:00:00",
          "ID": "CVE-2020-4898",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398278",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398278 (Emptoris Strategic Supply Management)",
              "url": "https://www.ibm.com/support/pages/node/6398278"
            },
            {
              "name": "ibm-emptoris-cve20204898-info-disc (190989)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190989"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4898",
    "datePublished": "2021-01-07T17:40:30.652729Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T17:59:46.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4893 (GCVE-0-2020-4893)

Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-16 22:36
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.
CWE
  • Obtain Information
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.1.0
Affected: 10.1.1
Affected: 10.1.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398282"
          },
          {
            "name": "ibm-emptoris-cve20204893-info-disc (190984)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0"
            },
            {
              "status": "affected",
              "version": "10.1.1"
            },
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2021-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:N/S:U/C:H/UI:N/AV:N/A:N/PR:N/AC:H/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:40:27",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398282"
        },
        {
          "name": "ibm-emptoris-cve20204893-info-disc (190984)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-06T00:00:00",
          "ID": "CVE-2020-4893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0"
                          },
                          {
                            "version_value": "10.1.1"
                          },
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398282",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398282 (Emptoris Strategic Supply Management)",
              "url": "https://www.ibm.com/support/pages/node/6398282"
            },
            {
              "name": "ibm-emptoris-cve20204893-info-disc (190984)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190984"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4893",
    "datePublished": "2021-01-07T17:40:28.080707Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T22:36:16.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4895 (GCVE-0-2020-4895)

Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-17 01:00
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986.
CWE
  • Cross-Site Scripting
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Emptoris Sourcing Affected: 10.1.0
Affected: 10.1.1
Affected: 10.1.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:59.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6398286"
          },
          {
            "name": "ibm-emptoris-cve20204895-xss (190986)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Sourcing",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0"
            },
            {
              "status": "affected",
              "version": "10.1.1"
            },
            {
              "status": "affected",
              "version": "10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2021-01-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/C:L/S:C/AV:N/A:N/AC:L/PR:L/I:L/E:H/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-07T17:40:28",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6398286"
        },
        {
          "name": "ibm-emptoris-cve20204895-xss (190986)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-01-06T00:00:00",
          "ID": "CVE-2020-4895",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Sourcing",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0"
                          },
                          {
                            "version_value": "10.1.1"
                          },
                          {
                            "version_value": "10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190986."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6398286",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6398286 (Emptoris Sourcing)",
              "url": "https://www.ibm.com/support/pages/node/6398286"
            },
            {
              "name": "ibm-emptoris-cve20204895-xss (190986)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190986"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4895",
    "datePublished": "2021-01-07T17:40:28.748680Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-17T01:00:43.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1097 (GCVE-0-2017-1097)

Vulnerability from nvd – Published: 2017-09-05 21:00 – Updated: 2024-09-16 16:28
Summary
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
Severity ?
No CVSS data available.
CWE
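  • Gain Access (free-text problem type from the CNA record, not a CWE identifier; the summary describes cross-site request forgery)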
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.0.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-05T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-10T00:00:00",
          "ID": "CVE-2017-1097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006963",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006963"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120657"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1097",
    "datePublished": "2017-09-05T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:28:01.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6029 (GCVE-0-2016-6029)

Vulnerability from nvd – Published: 2017-08-14 22:00 – Updated: 2024-09-16 22:56
Summary
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881.
Severity ?
No CVSS data available.
CWE
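  • Cross-Site Scripting (problem type as recorded in the CVE record; the summary describes a failure to properly enable HTTP Strict Transport Security, so this label does not match the described weakness)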
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.0.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-14T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-6029",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006799",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116881"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6029",
    "datePublished": "2017-08-14T22:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-16T22:56:01.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1190 (GCVE-0-2017-1190)

Vulnerability from nvd – Published: 2017-08-14 22:00 – Updated: 2024-09-16 19:41
Summary
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
Severity ?
No CVSS data available.
CWE
  • Gain Privileges
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.0.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:25:17.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-14T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2017-1190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123559"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006799",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1190",
    "datePublished": "2017-08-14T22:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:41:49.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6021 (GCVE-0-2016-6021)

Vulnerability from nvd – Published: 2017-08-14 22:00 – Updated: 2024-09-16 20:57
Summary
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Strategic Supply Management Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.0.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.743Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Strategic Supply Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-14T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-6021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Strategic Supply Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116755"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006799",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006799"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6021",
    "datePublished": "2017-08-14T22:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-16T20:57:21.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6121 (GCVE-0-2016-6121)

Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 20:36
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Supplier Lifecycle Management Affected: 10.1.0.0
Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
          },
          {
            "name": "100222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Supplier Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
        },
        {
          "name": "100222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-6121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Supplier Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
            },
            {
              "name": "100222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6121",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-09-16T20:36:49.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1448 (GCVE-0-2017-1448)

Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 19:51
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
Severity ?
No CVSS data available.
CWE
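  • Gain Access (free-text impact label from the CVE record, not a CWE identifier; the weakness described in the summary is an open redirect)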
Assigner
ibm
Impacted products
Vendor Product Version
IBM Emptoris Supplier Lifecycle Management Affected: 10.1.0.0
Affected: 10.0.0.0
Affected: 10.0.1.0
Affected: 10.0.2.0
Affected: 10.0.4.0
Affected: 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:30.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
          },
          {
            "name": "100222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Supplier Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
        },
        {
          "name": "100222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2017-1448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Supplier Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
            },
            {
              "name": "100222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1448",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:51:54.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8949 (GCVE-0-2016-8949)

Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 16:18
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
Impacted products
Vendor: IBM
Product: Emptoris Supplier Lifecycle Management
Affected versions: 10.1.0.0, 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.4.0, 10.1.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:02.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
          },
          {
            "name": "100222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Emptoris Supplier Lifecycle Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.0.0"
            },
            {
              "status": "affected",
              "version": "10.0.1.0"
            },
            {
              "status": "affected",
              "version": "10.0.2.0"
            },
            {
              "status": "affected",
              "version": "10.0.4.0"
            },
            {
              "status": "affected",
              "version": "10.1.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
        },
        {
          "name": "100222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-04T00:00:00",
          "ID": "CVE-2016-8949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Emptoris Supplier Lifecycle Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.0.0"
                          },
                          {
                            "version_value": "10.0.0.0"
                          },
                          {
                            "version_value": "10.0.1.0"
                          },
                          {
                            "version_value": "10.0.2.0"
                          },
                          {
                            "version_value": "10.0.4.0"
                          },
                          {
                            "version_value": "10.1.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
            },
            {
              "name": "100222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-8949",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-10-25T00:00:00",
    "dateUpdated": "2024-09-16T16:18:53.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}