CVE-2015-5050

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 71.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Contract Management

Timeline

PublishedFeb 15

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/emptoris_contract_management24 versions+23

🔴Vulnerability Details

GHSA

GHSA-hg85-rpgh-p3v6: Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9↗2022-05-17

▶

CVEList

CVE-2015-5050: Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9↗2016-02-15

▶