16 matches found
CVE-2017-1450
CVE-2017-1450 affects IBM Emptoris Sourcing 9.5.x through 10.1.3, introducing an open-redirect vulnerability that could enable phishing by redirecting victims to a malicious site and spoofing the URL. The connected IBM security bulletin specifies the vulnerable range and provides remediation via ...
CVE-2017-1449
IBM Emptoris Sourcing (9.5.x–10.1.x; also related to Emptoris Contract Management) is affected by CVE-2017-1449 due to an open redirect vulnerability that could be exploited by a remote attacker to spoof the URL and lead a user to a malicious site, enabling phishing and potential sensitive-data e...
CVE-2017-1447
CVE-2017-1447 affects IBM Emptoris Sourcing 9.5.x through 10.1.x. The vulnerability is a cross-site scripting flaw in the Web UI that allows an attacker to embed arbitrary JavaScript, potentially altering functionality and enabling credential disclosure within a trusted session. Affected componen...
CVE-2019-4484
IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...
CVE-2016-8946
CVE-2016-8946 affects IBM Emptoris Sourcing 9.5.x through 10.1.x. The issue is a cross-site scripting vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session. The IBM bulletin c...
CVE-2019-4308
IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...
CVE-2020-4896
CVE-2020-4896 affects IBM Emptoris Sourcing versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The root cause is improper input validation that allows manipulating HTTP request headers to perform a web cache poisoning attack. Public references (NVD, CNVD, and IBM bulletin) confirm the vulnerability and a...
CVE-2016-8950
CVE-2016-8950 affects IBM Emptoris Sourcing 9.5.x–10.1.x and is a cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM security bulletin confirms this vulnerability and provi...
CVE-2016-8948
CVE-2016-8948 affects IBM Emptoris Sourcing 9.5.x through 10.1.x and is a cross-site scripting vulnerability in the Web UI. The underlying issue allows an attacker to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted session (imp...
CVE-2017-1444
IBM Emptoris Sourcing versions 9.5.x–10.1.x are affected by cross-site scripting in the Web UI, enabling injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. The IBM security bulletin (and related CVE entries) describe the vulnerability as an XSS in th...
CVE-2019-4485
The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis
CVE-2016-0329
IBM Emptoris Sourcing (versions 10.0.0.0 through 10.1.0.0) contains an Open Redirect vulnerability (CVE-2016-0329). A remote attacker could use specially crafted URLs to redirect victims to arbitrary sites, enabling phishing. Exposures are described in IBM Security Bulletins for Emptoris Sourcing...
CVE-2016-6114
Summary: IBM Emptoris Sourcing versions 9.5.x–10.1.x are vulnerable to cross-site scripting via the Web UI, potentially leading to credentials disclosure within a trusted session. The issue is documented under CVE-2016-6114 (IBM X-Force 118352). What is affected: IBM Emptoris Sourcing 9.5.x throu...
CVE-2016-8947
CVE-2016-8947 affects IBM Emptoris Sourcing 9.5.x through 10.1.x. The issue is an open redirect that could be exploited by a remote attacker to spoof the URL shown to a user and redirect to a malicious site, potentially enabling phishing and information disclosure. The connected IBM security bull...
CVE-2016-8953
IBM Emptoris Sourcing 9.5.x through 10.1.x is affected by an open redirect/phishing vulnerability (CVE-2016-8953). A remote attacker could lure a user to a crafted site to spoof the displayed URL and redirect to a malicious site, potentially harvesting sensitive information. The IBM security bull...
CVE-2015-5024
The CVE-2015-5024 entry concerns IBM Emptoris Sourcing, affecting multiple 10.0.x releases (e.g., 10.0.2.0, 10.0.2.2, 10.0.2.3, 10.0.2.5–10.0.2.7, and 10.0.4.x) with remote authenticated access that can disclose sensitive supplier-bid information via unspecified vectors. The underlying cause is a...