15 matches found
CVE-2017-1448
CVE-2017-1448 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.x. The vulnerability is an open redirect that could be exploited by an attacker to spoof the displayed URL and redirect victims to a malicious site, enabling phishing and potential data exposure. IBM security bulletin de...
CVE-2020-4895
IBM Emptoris Sourcing (Emptoris Strategic Supply Management) versions 10.1.0.x, 10.1.1.x and 10.1.3.x are affected by a stored cross-site scripting vulnerability in the Web UI. The issue allows an attacker to embed arbitrary JavaScript in the UI, potentially leading to credential disclosure withi...
CVE-2017-1190
CVE-2017-1190 affects IBM Emptoris Strategic Supply Management Platform 10.x and 10.1. A local attacker with special access roles could exploit a misconfiguration to execute arbitrary code and gain full control over the system. The linked IBM bulletin lists affected versions (10.0.0.x–10.1.1.x) a...
CVE-2016-8949
CVE-2016-8949 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.1.x. A remote attacker could exploit an open redirect to spoof the URL and lure victims to a malicious site, enabling phishing and potential data exposure. IBM’s Security Bulletin for Emptoris SLM documents the vulnerabi...
CVE-2016-8952
CVE-2016-8952 affects IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x. It describes a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The ...
CVE-2016-6021
IBM Emptoris Strategic Supply Management Platform versions 10.0 and 10.1 are affected by a cross-site scripting vulnerability in the Web UI (CVE-2016-6021). The flaw could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected prod...
CVE-2015-4939
CVE-2015-4939 is an XSS vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management. Affected are IBM Emptoris products on 10.x releases prior to: 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1. The flaw...
CVE-2016-6121
Summary of technical details (CVE-2016-6121) : IBM Emptoris Supplier Lifecycle Management (SLM) versions 10.0.x–10.1.x are vulnerable to cross-site scripting (stored/reflected in the Web UI), enabling an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted...
CVE-2020-4898
The CVE-2020-4898 issue applies to IBM Emptoris Strategic Supply Management Platform/SSMP 10.1.3.x. The IBM security bulletin documents a weak cryptographic algorithm vulnerability that could allow an attacker to decrypt highly sensitive information (Lucky 13 vulnerability). Affected product vers...
CVE-2017-1097
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to Cross-Site Request Forgery (CSRF), enabling an attacker to coerce a trusted user to perform malicious actions. This is supported by NVD entry CVE-2017-1097 and CNVD-2017-25667, which describe the CSRF iss...
CVE-2020-4893
IBM Emptoris Strategic Supply Management Platform (SSMP) versions 10.1.0.x, 10.1.1.x, and 10.1.3.x transmit sensitive information in HTTP GET request parameters, enabling possible information disclosure via MITM. Root cause: GET parameter handling exposes data in transit. CVSS v3.0/3.1 base score...
CVE-2016-6029
CVE-2016-6029 affects IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x. The root cause is failure to properly enable HTTP Strict Transport Security, enabling an information disclosure risk where an attacker could obtain sensitive data via man-in-the-middle. The IBM bull...
CVE-2016-6118
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is affected by a Cross-Site Scripting vulnerability (CVE-2016-6118). The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential exposure within a trusted session. Thi...
CVE-2016-8951
The CVE-2016-8951 entry describes a denial-of-service vulnerability in IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x caused by a flaw in the authentication features that can log out users and flood their accounts with emails. Connected sources corroborate the affecte...
CVE-2016-6019
CVE-2016-6019 affects IBM Emptoris Strategic Supply Management Platform 10.0.0.x–10.1.1.x. Multiple connected sources (CNVD-2017-23341, NVD entry) confirm a cross-site scripting vulnerability in the web UI that lets an attacker inject arbitrary JavaScript, potentially leading to credentials discl...