Lucene search
K

593 matches found

CVE
CVE
added 2014/08/26 2:0 p.m.44 views

CVE-2014-3061

IBM Emptoris Spend Analysis is affected by a CSRF vulnerability (CVE-2014-3061) in 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Root cause is ...

6.8CVSS9.2AI score0.00626EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/08/26 10:55 a.m.15 views

CVE-2014-4790

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which...

4.9CVSS5.9AI score0.00803EPSS
Exploits0References5
NVD
NVD
added 2014/08/26 10:55 a.m.16 views

CVE-2014-3040

Cross-site request forgery CSRF vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x...

6CVSS6.1AI score0.00851EPSS
Exploits0References7
NVD
NVD
added 2014/08/26 10:55 a.m.18 views

CVE-2014-3033

Cross-site scripting XSS vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.1AI score0.00936EPSS
Exploits0References3
Prion
Prion
added 2014/08/26 10:55 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.4AI score0.00936EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/08/26 10:55 a.m.17 views

Design/Logic Flaw

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which...

4.9CVSS6.4AI score0.00803EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2014/08/26 10:55 a.m.17 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x...

6CVSS6.4AI score0.00851EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2014/08/26 10:0 a.m.21 views

CVE-2014-3040

Cross-site request forgery CSRF vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x...

6.1AI score0.00851EPSS
Exploits0References7
Cvelist
Cvelist
added 2014/08/26 10:0 a.m.25 views

CVE-2014-3033

Cross-site scripting XSS vulnerability in IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00936EPSS
Exploits0References3
CVE
CVE
added 2014/08/26 10:0 a.m.53 views

CVE-2014-4790

The CVE-2014-4790 entry affects IBM Emptoris Sourcing Portfolio and Emptoris Spend Analysis. Affected.product components: Emptoris Sourcing Portfolio versions 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; Emptoris Spend Analysis versions 9...

4.9CVSS8.6AI score0.00803EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/08/26 10:0 a.m.16 views

CVE-2014-4790

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which...

5.9AI score0.00803EPSS
Exploits0References5
CVE
CVE
added 2014/08/26 10:0 a.m.43 views

CVE-2014-3040

CVE-2014-3040 is a CSRF vulnerability in IBM Emptoris family (Contract Management, Sourcing Portfolio, Spend Analysis). The flaw affects multiple versions across 9.5.x and 10.x, where remote authenticated users can hijack a user’s session by crafting requests that insert XSS sequences. Affected c...

6CVSS9AI score0.00851EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2014/08/26 10:0 a.m.41 views

CVE-2014-3033

IBM Emptoris Sourcing Portfolio is affected by a Cross-site Scripting (XSS) vulnerability in multiple versions: 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue permits remote authenticated users to inject arbitrary web script or HT...

3.5CVSS6.8AI score0.00936EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder