CVE-2015-5042

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.6%

top 29.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Contract Management

Timeline

PublishedFeb 15

Latest updateMay 17

Description

IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDibm/emptoris_contract_management24 versions+23

🔴Vulnerability Details

GHSA

GHSA-wqrv-3v4p-x44f: IBM Emptoris Contract Management 9↗2022-05-17

▶

CVEList

CVE-2015-5042: IBM Emptoris Contract Management 9↗2016-02-15

▶