Lucene search
K
IbmEmptoris Sourcing

16 matches found

CVE
CVE
added 2017/08/31 2:0 p.m.63 views

CVE-2017-1450

CVE-2017-1450 affects IBM Emptoris Sourcing 9.5.x through 10.1.3, introducing an open-redirect vulnerability that could enable phishing by redirecting victims to a malicious site and spoofing the URL. The connected IBM security bulletin specifies the vulnerable range and provides remediation via ...

6.1CVSS5.8AI score0.008EPSS
CVE
CVE
added 2017/08/31 2:0 p.m.61 views

CVE-2017-1449

IBM Emptoris Sourcing (9.5.x–10.1.x; also related to Emptoris Contract Management) is affected by CVE-2017-1449 due to an open redirect vulnerability that could be exploited by a remote attacker to spoof the URL and lead a user to a malicious site, enabling phishing and potential sensitive-data e...

5.4CVSS5.2AI score0.00583EPSS
CVE
CVE
added 2017/08/31 2:0 p.m.58 views

CVE-2017-1447

CVE-2017-1447 affects IBM Emptoris Sourcing 9.5.x through 10.1.x. The vulnerability is a cross-site scripting flaw in the Web UI that allows an attacker to embed arbitrary JavaScript, potentially altering functionality and enabling credential disclosure within a trusted session. Affected componen...

5.4CVSS5.3AI score0.0054EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4484

IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...

4.3CVSS4.3AI score0.00994EPSS
CVE
CVE
added 2017/07/12 5:0 p.m.48 views

CVE-2016-8946

CVE-2016-8946 affects IBM Emptoris Sourcing 9.5.x through 10.1.x. The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. The IBM bulletin c...

5.4CVSS5.3AI score0.00729EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.48 views

CVE-2019-4308

IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...

4.3CVSS4.1AI score0.00994EPSS
CVE
CVE
added 2021/01/07 5:40 p.m.47 views

CVE-2020-4896

CVE-2020-4896 affects IBM Emptoris Sourcing versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The root cause is improper input validation that allows manipulating HTTP request headers to perform a web cache poisoning attack. Public references (NVD, CNVD, and IBM bulletin) confirm the vulnerability and a...

6.5CVSS6.3AI score0.00812EPSS
CVE
CVE
added 2017/07/12 5:0 p.m.44 views

CVE-2016-8950

CVE-2016-8950 affects IBM Emptoris Sourcing 9.5.x–10.1.x and is a cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM security bulletin confirms this vulnerability and provi...

5.4CVSS5.3AI score0.00974EPSS
CVE
CVE
added 2017/07/12 5:0 p.m.43 views

CVE-2016-8948

CVE-2016-8948 affects IBM Emptoris Sourcing 9.5.x through 10.1.x and is a cross-site scripting vulnerability in the Web UI. The underlying issue allows an attacker to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session (imp...

5.4CVSS5.3AI score0.00729EPSS
CVE
CVE
added 2017/08/31 2:0 p.m.43 views

CVE-2017-1444

IBM Emptoris Sourcing versions 9.5.x–10.1.x are affected by cross-site scripting in the Web UI, enabling injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. The IBM security bulletin (and related CVE entries) describe the vulnerability as an XSS in th...

5.4CVSS5.3AI score0.00627EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.43 views

CVE-2019-4485

The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis

4.3CVSS4.3AI score0.00994EPSS
CVE
CVE
added 2018/02/02 9:0 p.m.41 views

CVE-2016-0329

IBM Emptoris Sourcing (versions 10.0.0.0 through 10.1.0.0) contains an Open Redirect vulnerability (CVE-2016-0329). A remote attacker could use specially crafted URLs to redirect victims to arbitrary sites, enabling phishing. Exposures are described in IBM Security Bulletins for Emptoris Sourcing...

5.4CVSS5.5AI score0.00661EPSS
CVE
CVE
added 2017/07/12 5:0 p.m.41 views

CVE-2016-6114

Summary: IBM Emptoris Sourcing versions 9.5.x–10.1.x are vulnerable to cross-site scripting via the Web UI, potentially leading to credentials disclosure within a trusted session. The issue is documented under CVE-2016-6114 (IBM X-Force 118352). What is affected: IBM Emptoris Sourcing 9.5.x throu...

5.4CVSS5.3AI score0.00729EPSS
CVE
CVE
added 2017/07/12 5:0 p.m.41 views

CVE-2016-8947

CVE-2016-8947 affects IBM Emptoris Sourcing 9.5.x through 10.1.x. The issue is an open redirect that could be exploited by a remote attacker to spoof the URL shown to a user and redirect to a malicious site, potentially enabling phishing and information disclosure. The connected IBM security bull...

6.1CVSS5.8AI score0.00994EPSS
CVE
CVE
added 2017/07/12 5:0 p.m.41 views

CVE-2016-8953

IBM Emptoris Sourcing 9.5.x through 10.1.x is affected by an open redirect/phishing vulnerability (CVE-2016-8953). A remote attacker could lure a user to a crafted site to spoof the displayed URL and redirect to a malicious site, potentially harvesting sensitive information. The IBM security bull...

5.4CVSS5.3AI score0.00686EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.38 views

CVE-2015-5024

The CVE-2015-5024 entry concerns IBM Emptoris Sourcing, affecting multiple 10.0.x releases (e.g., 10.0.2.0, 10.0.2.2, 10.0.2.3, 10.0.2.5–10.0.2.7, and 10.0.4.x) with remote authenticated access that can disclose sensitive supplier-bid information via unspecified vectors. The underlying cause is a...

4CVSS8.3AI score0.00966EPSS