Cross site request forgery (csrf)

2014-08-2614:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.8%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CPENameOperatorVersion
emptoris_spend_analysiseq9.5.0.2
emptoris_spend_analysiseq10.0.1.1
emptoris_spend_analysiseq10.0.1.0
emptoris_spend_analysiseq9.5.0.1
emptoris_spend_analysiseq10.0.2.2
emptoris_spend_analysiseq9.5.0.0
emptoris_spend_analysiseq10.0.2.0
emptoris_spend_analysiseq10.0.1.2
emptoris_spend_analysiseq9.5.0.3

Name	Operator	Version
emptoris_spend_analysis	eq	9.5.0.2
emptoris_spend_analysis	eq	10.0.1.1
emptoris_spend_analysis	eq	10.0.1.0
emptoris_spend_analysis	eq	9.5.0.1
emptoris_spend_analysis	eq	10.0.2.2
emptoris_spend_analysis	eq	9.5.0.0
emptoris_spend_analysis	eq	10.0.2.0
emptoris_spend_analysis	eq	10.0.1.2
emptoris_spend_analysis	eq	9.5.0.3