4 matches found
CVE-2017-1441
IBM Emptoris Services Procurement 10.x contains a local information-disclosure vulnerability (CVE-2017-1441) due to improper access control. A local attacker could view sensitive information stored on the system. The IBM security bulletin lists affected versions (10.0.0.5) and provides remediatio...
CVE-2017-1440
CVE-2017-1440 affects IBM Emptoris Services Procurement 10.x. The vulnerability allows a remote attacker to include arbitrary files by sending a specially crafted URL, enabling remote code execution on the vulnerable web server. The IBM security bulletin lists multiple CVEs for the product, with ...
CVE-2017-1442
CVE-2017-1442 affects IBM Emptoris Services Procurement 10.x, specifically 10.0.0.5, where a cross-site request forgery vulnerability could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The IBM Security Bulletin confirms this CSRF issue and lists the fi...
CVE-2017-1443
IBM Emptoris Services Procurement 10.x is affected by CVE-2017-1443, a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM security bulletin lists 10.0.0.5 as affected an...