Search criteria
15 vulnerabilities found for emptoris_supplier_lifecycle_management by ibm
FKIE_CVE-2017-1098
Vulnerability from fkie_nvd - Published: 2017-09-07 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005824 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120658 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005824 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120658 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.0 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.1 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.2 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.3 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.4 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.5 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.6 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.7 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.8 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.9 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.10 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.11 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.12 | |
| ibm | emptoris_supplier_lifecycle_management | 10.1.0.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "464DFCCD-F094-495E-843B-58D112F5E647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29083642-622C-45A2-8D2D-B3DFEA8801DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "98D971E3-2C2D-44DC-ADF5-70C4E4FE20FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "27B395BC-C8DD-46D2-A2D1-1038BCD5E9DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C942F9F-685A-463D-B8F4-146870ADB4AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2BF576-7DAA-482F-B444-F810BAFCE49F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7A21B4FF-2A6C-45F8-BB1E-F3DA9162FD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "05C43888-3A83-45D6-95A2-A677C6D6D5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8091E6B3-3DB8-41F7-AD87-3A21257CE90D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CA519B53-A6BF-44CE-853A-818219EA6322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2027D4-B354-4F99-900A-5946770FA1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF9CCA4-5999-4063-95E0-8C3FE7504818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "728D568A-7633-4B10-BF69-E6CAB889FA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAA1687-A0DA-42B7-B4A6-D4ECC8B25759",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658."
},
{
"lang": "es",
"value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades planeadas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 120658."
}
],
"id": "CVE-2017-1098",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-07T16:29:00.237",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6121
Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006854 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100222 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118383 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006854 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100222 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118383 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
},
{
"lang": "es",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x y 10.1.x es vulnerable a un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando las funcionalidades planeadas. Esto podr\u00eda desembocar en una revelavi\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 118383."
}
],
"id": "CVE-2016-6121",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T18:29:01.387",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100222"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1448
Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006854 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100222 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128173 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006854 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100222 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128173 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
},
{
"lang": "es",
"value": "IBM Emptoris Supplier Lifecycle Management en sus versiones 10.0.x y 10.1.x podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 128173."
}
],
"id": "CVE-2017-1448",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T18:29:01.527",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100222"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8949
Vulnerability from fkie_nvd - Published: 2017-08-09 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22006854 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/100222 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/118836 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22006854 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100222 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/118836 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD32235-AA85-4EC7-B80E-D21CF7D3B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD90BD58-2DA8-4996-97C7-FA8C33BAE91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE42663-A9ED-4699-954C-88FF3CC269DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "918C6DE4-AB67-4441-B909-201EDDD6752E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8F322CBE-90CB-448F-9050-422A155F1099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E465BDB0-7B28-44D5-8BBB-652849A835F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C6DAE142-6C1A-4913-B485-868CCC2A1A6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7400F66A-874B-4631-9601-9A44A97FD3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DF466B8C-B1EC-46AD-A229-7952F590CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7C949766-E6EE-400C-8783-4D0B26FE066D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5EF36C-0B12-4E83-BF97-7C6DE880ED5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B2C996-EAD2-4FAB-A526-2885BEBBB5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C631E15C-1D03-48FB-8407-C5C5BECCD88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF57983-F635-43B7-B829-ECCB90316C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0DAE73-DDAC-4972-BD28-456E506B0DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "006B14A4-D8B0-4FA1-ABCE-E8A07AA6D752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "725D01D2-25EB-400A-8C54-9EE85DA400CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CF890B-1F33-4923-8C7B-69FEC29D5476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C5E315-9C99-4B09-BD91-30EC10E1F6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D686D3-3866-4126-B0B4-F1F3C44E8915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F300CFB-AA06-4458-A0E1-E678364E2FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4E03914-296D-4A9E-91B0-A240471F46D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "99088F49-1908-4979-A88C-F8929190515A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30B4CD3A-9D28-4B27-A662-3A70767ED6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB1086A-67C8-4335-88F1-F7D4F2EADC82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0561DAA-35D3-46EA-9E76-8E2E71445D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "806C334F-FC48-4B32-A0F6-D1A5E47BF69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "83A99871-8804-41BA-AAA9-BDEC07BF9977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DD6C313E-5816-437B-8C62-D893A254FBEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B043330-8938-4B6F-9EF0-D3DE596D8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2308F7C3-8B20-48E5-A22E-E60C9E40BD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E98450-93BC-4C9C-96B9-AD87B865445E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE14C7-C72A-4492-831D-E2FC69F4A66B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6A06DC9A-A90D-4E84-AB18-EA51D15289DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
},
{
"lang": "es",
"value": "IBM Emptoris Supplier Lifecycle Management en versiones 10.0.x y 10.1.x podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 118836."
}
],
"id": "CVE-2016-8949",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T18:29:01.417",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100222"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-4939
Vulnerability from fkie_nvd - Published: 2015-10-06 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21966754 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21966754 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9B1DC9-F22F-41BC-B6C9-4685875F8045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B50FAD1F-069A-48FD-9A8A-F8119AAB7A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77305FCA-01E4-4737-970A-07C45396A976",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "278587DC-3427-4427-9268-61EA751ACD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4613100D-8070-46FA-8BBF-7A400CDF3418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5373CACA-8948-446C-A21F-324A4A8D57E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B08D2BA9-80F9-4CC7-8388-620414472A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAB6666-011E-41B9-8996-896CC3D9D499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "17ABFA96-BFA3-4C38-9CFB-08BF643A70CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A73010A1-5692-49AD-9D64-F8AD988A77A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF55ABA-EA8E-4F11-BCF2-CB560E5AEB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "141AF70C-0AAD-45DC-AF01-FFD86D8D768C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "621FD0A9-C3AA-4114-961E-3B3F587CA3DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D60B4BEB-8C1D-40F6-A63D-23F0CD6FA907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "502EC4B3-DDD9-40E5-BDF8-5F77B4B0709E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_program_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E44CFFD9-CD58-459A-A5CF-EF5DFAF9E09C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE577C59-6C1B-4878-A708-5B4E5F65BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5EF975-25A8-4297-BB5C-5D8D6CA88DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCAA80-D144-4064-B96F-D4E7A7B94623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7BB95E-1DB8-4867-8BAD-C477DF0700A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49660891-48F1-4DB3-85AB-1F123F4571E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E76021-96F2-4EF3-B5D7-EE4135530AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E3AA06-713A-4FEE-BC8F-F647FD817A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4203E000-9148-4C36-ADC3-DABC2985C52E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E79273-2C57-415E-8AB9-C499295B3ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68994B41-BCC9-4620-8454-D57DE0B5C9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20E3BED0-FC48-411C-949F-B5B853EB95B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D443B00-594F-4E5B-9943-E6ABEE3DF404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_supplier_lifecycle_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B7765BD4-FE09-4B05-A8D4-B547C5C7AE6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5555B678-E8D8-43CC-8117-7CE4E8796A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C21FB10-17CF-4968-A4D6-B62BA6B5D7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C308D968-9F2F-44FE-9820-B1E1850B5127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90517A03-8F15-41B1-B30C-548B04B8C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD66461-A68B-44A1-BE9D-51D600F77FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59E7DBF-728D-4463-B28A-B21A3DDBA6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D86A9B-A047-4299-8D21-E2F1CA512AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3643AA98-41D9-4692-A327-77E9320B19FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "316CC123-E4DE-4DE6-B077-457FA34D22D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C1A95D-7F81-4A0D-9353-17B4E651F40C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E856B7F-E960-46C3-B828-508689AE375F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBECE59F-3B62-4DDF-884A-963D6B64E6CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "697DE60B-55BC-4F65-9045-77D5B11395CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2D5E97-2A91-4E4D-AD28-5DDD86AD4DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB12170D-1E85-4116-8EAC-B5C8F8D0C53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4FB269-336D-46B9-8E63-ED9FB0BCB6F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3290A0-A8B3-4CB5-B762-3DB2C39EF3ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Emptoris Supplier Lifecycle Management y Emptoris Program Management 10.x en versiones anteriores a 10.0.1.4_iFix3, 10.0.2.x en versiones anteriores a 10.0.2.7_iFix1, 10.0.3.x en versiones anteriores a 10.0.3.2 y 10.0.4.x en versiones anteriores a 10.0.4.0_iFix1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-4939",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-06T01:59:08.140",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-1098 (GCVE-0-2017-1098)
Vulnerability from cvelistv5 – Published: 2017-09-07 16:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005824",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1098",
"datePublished": "2017-09-07T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1448 (GCVE-0-2017-1448)
Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 19:51
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Supplier Lifecycle Management |
Affected:
10.1.0.0
Affected: 10.0.0.0 Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Supplier Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.1.0"
}
]
}
],
"datePublic": "2017-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2017-1448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1448",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:51:54.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6121 (GCVE-0-2016-6121)
Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 20:36
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Supplier Lifecycle Management |
Affected:
10.1.0.0
Affected: 10.0.0.0 Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Supplier Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.1.0"
}
]
}
],
"datePublic": "2017-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2016-6121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6121",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-09-16T20:36:49.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8949 (GCVE-0-2016-8949)
Vulnerability from cvelistv5 – Published: 2017-08-09 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Supplier Lifecycle Management |
Affected:
10.1.0.0
Affected: 10.0.0.0 Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Supplier Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.1.0"
}
]
}
],
"datePublic": "2017-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2016-8949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8949",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-09-16T16:18:53.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4939 (GCVE-0-2015-4939)
Vulnerability from cvelistv5 – Published: 2015-10-05 10:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-05T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4939",
"datePublished": "2015-10-05T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1098 (GCVE-0-2017-1098)
Vulnerability from nvd – Published: 2017-09-07 16:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005824",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005824"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1098",
"datePublished": "2017-09-07T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1448 (GCVE-0-2017-1448)
Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 19:51
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Supplier Lifecycle Management |
Affected:
10.1.0.0
Affected: 10.0.0.0 Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:30.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Supplier Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.1.0"
}
]
}
],
"datePublic": "2017-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2017-1448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1448",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:51:54.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6121 (GCVE-0-2016-6121)
Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 20:36
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Supplier Lifecycle Management |
Affected:
10.1.0.0
Affected: 10.0.0.0 Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Supplier Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.1.0"
}
]
}
],
"datePublic": "2017-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2016-6121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118383"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6121",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-09-16T20:36:49.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8949 (GCVE-0-2016-8949)
Vulnerability from nvd – Published: 2017-08-09 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Supplier Lifecycle Management |
Affected:
10.1.0.0
Affected: 10.0.0.0 Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Supplier Lifecycle Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0.0"
},
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.1.0"
}
]
}
],
"datePublic": "2017-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"name": "100222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-04T00:00:00",
"ID": "CVE-2016-8949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Supplier Lifecycle Management",
"version": {
"version_data": [
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006854",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006854"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118836"
},
{
"name": "100222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8949",
"datePublished": "2017-08-09T18:00:00Z",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-09-16T16:18:53.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4939 (GCVE-0-2015-4939)
Vulnerability from nvd – Published: 2015-10-05 10:00 – Updated: 2024-08-06 06:32
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-05T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4939",
"datePublished": "2015-10-05T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}