CVE-2015-5024

CWE-200 — Information Exposure3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.2%

top 63.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Sourcing

Timeline

PublishedOct 6

Latest updateMay 17

Description

IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/emptoris_sourcing7 versions+6

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vqrr-c7qg-7fr3: IBM Emptoris Sourcing 10↗2022-05-17

▶

CVEList

CVE-2015-5024: IBM Emptoris Sourcing 10↗2015-10-05

▶