Lucene search
K

593 matches found

CNVD
CNVD
added 2015/01/14 12:0 a.m.5 views

XML External Entity Information Disclosure Vulnerability in Multiple IBM Products

IBM Emptoris Contract Management software is a solution that automates the contract lifecycle. An XML external entity information disclosure vulnerability exists in multiple IBM products, which can be exploited by attackers to access sensitive information...

4CVSS6.2AI score0.01419EPSS
Exploits0References1
NVD
NVD
added 2015/01/10 2:59 a.m.19 views

CVE-2014-6212

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2...

4CVSS6.2AI score0.01419EPSS
Exploits0References2
Prion
Prion
added 2015/01/10 2:59 a.m.16 views

Xxe

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2...

4CVSS6.6AI score0.01419EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2015/01/10 2:0 a.m.45 views

CVE-2014-6212

The CVE-2014-6212 issue is an XML External Entity (XXE) vulnerability in IBM Emptoris family products (Contract Management, Sourcing, Program Management/SSMP). The Echo API across multiple versions (Contract Management 9.5.x up to 9.5.0.6 iFix11; 10.0.0.x up to 10.0.0.1 iFix12; 10.0.1.x up to 10....

4CVSS6.3AI score0.01419EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/01/10 2:0 a.m.21 views

CVE-2014-6212

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2...

6.2AI score0.01419EPSS
Exploits0References2
NVD
NVD
added 2014/08/26 2:55 p.m.19 views

CVE-2014-3035

Cross-site scripting XSS vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.1AI score0.00936EPSS
Exploits0References3
NVD
NVD
added 2014/08/26 2:55 p.m.11 views

CVE-2014-3041

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS7.7AI score0.01029EPSS
Exploits0References3
NVD
NVD
added 2014/08/26 2:55 p.m.14 views

CVE-2014-3034

Cross-site scripting XSS vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.1AI score0.00936EPSS
Exploits0References3
NVD
NVD
added 2014/08/26 2:55 p.m.16 views

CVE-2014-3061

Cross-site request forgery CSRF vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...

6.8CVSS6.5AI score0.00626EPSS
Exploits0References3
Prion
Prion
added 2014/08/26 2:55 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.4AI score0.00936EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/08/26 2:55 p.m.13 views

Sql injection

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS8.3AI score0.01029EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/08/26 2:55 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.5AI score0.00936EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/08/26 2:55 p.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...

6.8CVSS6.8AI score0.00626EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/08/26 2:0 p.m.16 views

CVE-2014-3041

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

7.7AI score0.01029EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/08/26 2:0 p.m.18 views

CVE-2014-3061

Cross-site request forgery CSRF vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...

6.5AI score0.00626EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/08/26 2:0 p.m.26 views

CVE-2014-3035

Cross-site scripting XSS vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00936EPSS
Exploits0References3
CVE
CVE
added 2014/08/26 2:0 p.m.47 views

CVE-2014-3034

The CVE-2014-3034 entry describes a cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management. It affects IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2. The flaw all...

3.5CVSS6.8AI score0.00936EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/08/26 2:0 p.m.22 views

CVE-2014-3034

Cross-site scripting XSS vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00936EPSS
Exploits0References3
CVE
CVE
added 2014/08/26 2:0 p.m.47 views

CVE-2014-3041

IBM Emptoris Contract Management is affected by CVE-2014-3041, a SQL injection vulnerability in 9.5.x before 9.5.0.6 iFix 10; 10.0.0.x before 10.0.0.1 iFix 10; 10.0.1.x before 10.0.1.4; and 10.0.2.x before 10.0.2.2 iFix 2. Remote authenticated users can execute arbitrary SQL commands via unspecif...

6.5CVSS9.2AI score0.01029EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/08/26 2:0 p.m.44 views

CVE-2014-3035

CVE-2014-3035 affects IBM Emptoris Spend Analysis: versions 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue is a Cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The NV...

3.5CVSS6.8AI score0.00936EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder