5 matches found
CVE-2017-1448
CVE-2017-1448 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.x. The vulnerability is an open redirect that could be exploited by an attacker to spoof the displayed URL and redirect victims to a malicious site, enabling phishing and potential data exposure. IBM security bulletin de...
CVE-2016-8949
CVE-2016-8949 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.1.x. A remote attacker could exploit an open redirect to spoof the URL and lure victims to a malicious site, enabling phishing and potential data exposure. IBM’s Security Bulletin for Emptoris SLM documents the vulnerabi...
CVE-2017-1098
CVE-2017-1098 affects IBM Emptoris Supplier Lifecycle Management, specifically the 10.1.0.x line. The connected documents confirm a cross-site scripting vulnerability in the Web UI that could enable an attacker to inject arbitrary JavaScript, potentially altering functionality and leading to cred...
CVE-2015-4939
CVE-2015-4939 is an XSS vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management. Affected are IBM Emptoris products on 10.x releases prior to: 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1. The flaw...
CVE-2016-6121
Summary of technical details (CVE-2016-6121) : IBM Emptoris Supplier Lifecycle Management (SLM) versions 10.0.x–10.1.x are vulnerable to cross-site scripting (stored/reflected in the Web UI), enabling an attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted...