4 matches found
CVE-2014-4790
The CVE-2014-4790 entry affects IBM Emptoris Sourcing Portfolio and Emptoris Spend Analysis. Affected.product components: Emptoris Sourcing Portfolio versions 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; Emptoris Spend Analysis versions 9...
CVE-2014-6212
The CVE-2014-6212 issue is an XML External Entity (XXE) vulnerability in IBM Emptoris family products (Contract Management, Sourcing, Program Management/SSMP). The Echo API across multiple versions (Contract Management 9.5.x up to 9.5.0.6 iFix11; 10.0.0.x up to 10.0.0.1 iFix12; 10.0.1.x up to 10....
CVE-2014-3040
CVE-2014-3040 is a CSRF vulnerability in IBM Emptoris family (Contract Management, Sourcing Portfolio, Spend Analysis). The flaw affects multiple versions across 9.5.x and 10.x, where remote authenticated users can hijack a user’s session by crafting requests that insert XSS sequences. Affected c...
CVE-2014-3033
IBM Emptoris Sourcing Portfolio is affected by a Cross-site Scripting (XSS) vulnerability in multiple versions: 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue permits remote authenticated users to inject arbitrary web script or HT...