Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Emptoris Supplier Lifecycle Management
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1448 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173.
CVE-2017-1098 1 Ibm 1 Emptoris Supplier Lifecycle Management 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
CVE-2016-8949 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836.
CVE-2016-6121 1 Ibm 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118383.
CVE-2015-4939 1 Ibm 3 Emptoris Program Management, Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.