EUVD-2016-0715

Malware in sbrugna...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1583, CVE-2011-4343)

Summary The IBM Emptoris Contract Management ,IBM Emptoris Program Management, IBM Emptoris Sourcing, IBM Emptoris Spend Analysis and IBM Emptoris Services Procurement products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issu...

Security Bulletin: Vulnerability in Apache POI affects IBM Emptoris Services Procurement (CVE-2017-5644)

Summary Open Source Apache Poi vulnerability affects IBM Emptoris Services Procurement Vulnerability Details CVE-ID: CVE-2017-5644 Description: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially-craft...

Code injection

IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM...

CVE-2017-1440

IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM...

CVE-2017-1441

IBM Emptoris Services Procurement 10.x contains a local information-disclosure vulnerability (CVE-2017-1441) due to improper access control. A local attacker could view sensitive information stored on the system. The IBM security bulletin lists affected versions (10.0.0.5) and provides remediatio...

CVE-2016-5600

Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...

CVE-2016-0680

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement...

Design/Logic Flaw

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement...

CVE-2016-0680

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement...

CVE-2016-0680

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement...

CVE-2016-0680

CVE-2016-0680 affects Oracle PeopleSoft Products 9.1 and 9.2, specifically the Services Procurement subcomponent of the PeopleSoft Enterprise SCM suite. A security vulnerability exists that can be exploited by a remote authenticated user to read, update, insert, or delete data, thereby compromisi...