17 matches found
EUVD-2019-14090
Malware in sbrugna...
EUVD-2019-13915
Malware in sbrugna...
Security Bulletin: Information Disclosure Vulnerability Affects IBM Emptoris Spend Analysis (CVE-2020-4897)
Summary Verbose application errors information disclosure affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-4897 DESCRIPTION: IBM Emptoris could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Thi...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis (CVE-2019-4752)
Summary SQL Injection affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2019-4752 DESCRIPTION: IBM Emptoris Strategic Supply Management Platform is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to vie...
Cross site scripting
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2019-4481
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...
CVE-2019-4308
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...
Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Emptoris Spend Analysis
Summary A cross-site scripting vulnerability in IBM Emptoris Spend Analysis could allow an attacker to execute a script in a victim's Web browser Vulnerability Details IBM Emptoris Spend Analysis is vulnerable to cross-site scripting, caused by improper validation of user supplied input. A remote...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Contract Management ,IBM Emptoris Sourcing and IBM Emptoris Spend Analysis (CVE-2017-1194)
Summary The IBM Emptoris Contract Management ,IBM Emptoris Sourcing and IBM Emptoris Spend Analysis products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates...
IBM Emptoris Spend Analysis Cross-Site Scripting Vulnerability (CNVD-2017-24394)
The IBM Emptoris Spend Analysis solution supports organizations in consolidating, cleansing and categorizing spend data from disparate and scattered systems. A cross-site scripting vulnerability in IBM Emptoris Spend Analysis allows users to embed arbitrary JavaScript code in the Web UI, which...
CVE-2014-3035
Cross-site scripting XSS vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-3061
Cross-site request forgery CSRF vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2014-3061
Cross-site request forgery CSRF vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2014-3035
Cross-site scripting XSS vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...