CVE-2014-3061

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 70.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Spend Analysis

Timeline

PublishedAug 26

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/emptoris_spend_analysis9 versions+8

🔴Vulnerability Details

GHSA

GHSA-gvhc-h2p2-8x4v: Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9↗2022-05-17

▶

CVEList

CVE-2014-3061: Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9↗2014-08-26

▶