Emptoris Sourcing@10.1.0 Security Vulnerabilities and Issues — Emptoris Sourcing@10.1.0 CVE List

Lucene search

IbmEmptoris Sourcing10.1.0

15 matches found

CVE•added 2017/08/31 2:29 p.m.•52 views

CVE-2017-1450

IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious ...

6.1CVSS5.8AI score0.0015EPSS

CVE•added 2017/08/31 2:29 p.m.•47 views

CVE-2017-1447

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.

5.4CVSS5.3AI score0.00198EPSS

CVE•added 2019/08/20 7:15 p.m.•40 views

CVE-2019-4484

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.

4.3CVSS4.3AI score0.00156EPSS

CVE•added 2021/01/07 6:15 p.m.•40 views

CVE-2020-4895

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...

6.4CVSS5.1AI score0.00105EPSS

CVE•added 2019/08/20 7:15 p.m.•38 views

CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.

4.3CVSS4.1AI score0.00156EPSS

CVE•added 2017/07/12 5:29 p.m.•37 views

CVE-2016-8946

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.

5.4CVSS5.3AI score0.00269EPSS

CVE•added 2017/08/31 2:29 p.m.•35 views

CVE-2017-1449

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2021/01/07 6:15 p.m.•35 views

CVE-2020-4896

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.

6.5CVSS6.3AI score0.00158EPSS

CVE•added 2017/07/12 5:29 p.m.•34 views

CVE-2016-8950

5.4CVSS5.3AI score0.00235EPSS

CVE•added 2017/08/31 2:29 p.m.•34 views

CVE-2017-1444

5.4CVSS5.3AI score0.00198EPSS

CVE•added 2017/07/12 5:29 p.m.•32 views

CVE-2016-8953

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a ma...

5.4CVSS5.3AI score0.00119EPSS

CVE•added 2019/08/20 7:15 p.m.•32 views

CVE-2019-4485

4.3CVSS4.3AI score0.00156EPSS

CVE•added 2017/07/12 5:29 p.m.•30 views

CVE-2016-6114

5.4CVSS5.3AI score0.00269EPSS

CVE•added 2017/07/12 5:29 p.m.•30 views

CVE-2016-8947

6.1CVSS5.8AI score0.00212EPSS

CVE•added 2017/07/12 5:29 p.m.•27 views

CVE-2016-8948

5.4CVSS5.3AI score0.00269EPSS