Cross site request forgery (csrf)

2016-02-1502:59:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.9%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CPENameOperatorVersion
emptoris_contract_managementeq9.5.0.5
emptoris_contract_managementeq10.0.1.1
emptoris_contract_managementeq9.5.0.6
emptoris_contract_managementeq10.0.1.3
emptoris_contract_managementeq10.0.2.7
emptoris_contract_managementeq10.0.2.1
emptoris_contract_managementeq10.0.2.6
emptoris_contract_managementeq9.5.0.4
emptoris_contract_managementeq10.0.2.2
emptoris_contract_managementeq9.5.0.2

Name	Operator	Version
emptoris_contract_management	eq	9.5.0.5
emptoris_contract_management	eq	10.0.1.1
emptoris_contract_management	eq	9.5.0.6
emptoris_contract_management	eq	10.0.1.3
emptoris_contract_management	eq	10.0.2.7
emptoris_contract_management	eq	10.0.2.1
emptoris_contract_management	eq	10.0.2.6
emptoris_contract_management	eq	9.5.0.4
emptoris_contract_management	eq	10.0.2.2
emptoris_contract_management	eq	9.5.0.2