Lucene search
K
IbmEmptoris Strategic Supply Management

15 matches found

CVE
CVE
added 2017/08/09 6:0 p.m.60 views

CVE-2017-1448

CVE-2017-1448 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.x. The vulnerability is an open redirect that could be exploited by an attacker to spoof the displayed URL and redirect victims to a malicious site, enabling phishing and potential data exposure. IBM security bulletin de...

5.4CVSS5.4AI score0.00686EPSS
CVE
CVE
added 2021/01/07 5:40 p.m.52 views

CVE-2020-4895

IBM Emptoris Sourcing (Emptoris Strategic Supply Management) versions 10.1.0.x, 10.1.1.x and 10.1.3.x are affected by a stored cross-site scripting vulnerability in the Web UI. The issue allows an attacker to embed arbitrary JavaScript in the UI, potentially leading to credential disclosure withi...

6.4CVSS5.1AI score0.00554EPSS
CVE
CVE
added 2017/08/14 10:0 p.m.51 views

CVE-2017-1190

CVE-2017-1190 affects IBM Emptoris Strategic Supply Management Platform 10.x and 10.1. A local attacker with special access roles could exploit a misconfiguration to execute arbitrary code and gain full control over the system. The linked IBM bulletin lists affected versions (10.0.0.x–10.1.1.x) a...

6.4CVSS7.1AI score0.0033EPSS
CVE
CVE
added 2017/08/09 6:0 p.m.50 views

CVE-2016-8949

CVE-2016-8949 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.1.x. A remote attacker could exploit an open redirect to spoof the URL and lure victims to a malicious site, enabling phishing and potential data exposure. IBM’s Security Bulletin for Emptoris SLM documents the vulnerabi...

5.4CVSS5.4AI score0.00694EPSS
CVE
CVE
added 2017/07/13 3:0 p.m.49 views

CVE-2016-8952

CVE-2016-8952 affects IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x. It describes a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The ...

5.4CVSS5.2AI score0.00729EPSS
CVE
CVE
added 2017/08/14 10:0 p.m.48 views

CVE-2016-6021

IBM Emptoris Strategic Supply Management Platform versions 10.0 and 10.1 are affected by a cross-site scripting vulnerability in the Web UI (CVE-2016-6021). The flaw could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected prod...

5.4CVSS5.5AI score0.0054EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.47 views

CVE-2015-4939

CVE-2015-4939 is an XSS vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management. Affected are IBM Emptoris products on 10.x releases prior to: 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1. The flaw...

4.3CVSS7.4AI score0.00961EPSS
CVE
CVE
added 2017/08/09 6:0 p.m.47 views

CVE-2016-6121

Summary of technical details (CVE-2016-6121) : IBM Emptoris Supplier Lifecycle Management (SLM) versions 10.0.x–10.1.x are vulnerable to cross-site scripting (stored/reflected in the Web UI), enabling an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted...

5.4CVSS5.3AI score0.00729EPSS
CVE
CVE
added 2021/01/07 5:40 p.m.47 views

CVE-2020-4898

The CVE-2020-4898 issue applies to IBM Emptoris Strategic Supply Management Platform/SSMP 10.1.3.x. The IBM security bulletin documents a weak cryptographic algorithm vulnerability that could allow an attacker to decrypt highly sensitive information (Lucky 13 vulnerability). Affected product vers...

7.5CVSS7.2AI score0.00783EPSS
CVE
CVE
added 2017/09/05 9:0 p.m.45 views

CVE-2017-1097

IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to Cross-Site Request Forgery (CSRF), enabling an attacker to coerce a trusted user to perform malicious actions. This is supported by NVD entry CVE-2017-1097 and CNVD-2017-25667, which describe the CSRF iss...

8.8CVSS8.7AI score0.00556EPSS
CVE
CVE
added 2021/01/07 5:40 p.m.45 views

CVE-2020-4893

IBM Emptoris Strategic Supply Management Platform (SSMP) versions 10.1.0.x, 10.1.1.x, and 10.1.3.x transmit sensitive information in HTTP GET request parameters, enabling possible information disclosure via MITM. Root cause: GET parameter handling exposes data in transit. CVSS v3.0/3.1 base score...

5.9CVSS5.3AI score0.00649EPSS
CVE
CVE
added 2017/08/14 10:0 p.m.40 views

CVE-2016-6029

CVE-2016-6029 affects IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x. The root cause is failure to properly enable HTTP Strict Transport Security, enabling an information disclosure risk where an attacker could obtain sensitive data via man-in-the-middle. The IBM bull...

5.9CVSS5.9AI score0.01233EPSS
CVE
CVE
added 2017/07/24 9:0 p.m.40 views

CVE-2016-6118

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is affected by a Cross-Site Scripting vulnerability (CVE-2016-6118). The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential exposure within a trusted session. Thi...

5.4CVSS5.6AI score0.00729EPSS
CVE
CVE
added 2017/07/13 3:0 p.m.38 views

CVE-2016-8951

The CVE-2016-8951 entry describes a denial-of-service vulnerability in IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x caused by a flaw in the authentication features that can log out users and flood their accounts with emails. Connected sources corroborate the affecte...

7.5CVSS7.3AI score0.02914EPSS
CVE
CVE
added 2017/07/13 3:0 p.m.36 views

CVE-2016-6019

CVE-2016-6019 affects IBM Emptoris Strategic Supply Management Platform 10.0.0.x–10.1.1.x. Multiple connected sources (CNVD-2017-23341, NVD entry) confirm a cross-site scripting vulnerability in the web UI that lets an attacker inject arbitrary JavaScript, potentially leading to credentials discl...

5.4CVSS5.2AI score0.00729EPSS