IBM Emptoris Supplier Lifecycle Management vulnerabilities

6 known vulnerabilities affecting ibm/emptoris_supplier_lifecycle_management.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 6

Vulnerabilities

CVE-2017-1098 | MEDIUM | CVSS 5.4 | CWE-79 | v10.1.0.0, v10.1.0.1, +12 more | 2017-09-07
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
Sources: nvd

CVE-2016-8949 | MEDIUM | CVSS 5.4 | CWE-601 | v10.0.0.0, v10.0.0.1, +14 more | 2017-08-09
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear t
Sources: cvelistv5, nvd

CVE-2017-1448 | MEDIUM | CVSS 5.4 | CWE-601 | v10.0.0.0, v10.0.0.1, +14 more | 2017-08-09
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear t
Sources: cvelistv5, nvd

CVE-2016-6121 | MEDIUM | CVSS 5.4 | CWE-79 | v10.0.0.0, v10.0.0.1, +14 more | 2017-08-09
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
Sources: cvelistv5, nvd

CVE-2016-6118 | MEDIUM | CVSS 5.4 | CWE-79 | v10.1.0.0 | 2017-07-24
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356.
Sources: cvelistv5, nvd

CVE-2015-4939 | MEDIUM | CVSS 4.3 | CWE-79 | v10.0.0.0, v10.0.0.1, +11 more | 2015-10-06
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Sources: nvd