Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for emptoris_sourcing by ibm

    CVE-2020-4896 (GCVE-0-2020-4896)

    Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-16 16:18
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2021-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6398284"
              },
              {
                "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2021-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/UI:N/C:L/S:U/A:N/AC:L/PR:N/AV:N/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-07T17:40:29.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6398284"
            },
            {
              "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-06T00:00:00",
              "ID": "CVE-2020-4896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6398284",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/pages/node/6398284"
                },
                {
                  "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4896",
        "datePublished": "2021-01-07T17:40:29.367Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:18:21.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4485 (GCVE-0-2019-4485)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:47.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194485-info-disc (164069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4485",
        "datePublished": "2019-08-20T18:25:27.111Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:37.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4484 (GCVE-0-2019-4484)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194484-info-disc (164068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4484",
        "datePublished": "2019-08-20T18:25:27.063Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:06.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4308 (GCVE-0-2019-4308)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194308-info-disc (161034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4308",
        "datePublished": "2019-08-20T18:25:26.552Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:47.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0329 (GCVE-0-2016-0329)

    Vulnerability from nvd – Published: 2018-02-02 21:00 – Updated: 2024-08-05 22:15
    VLAI
    Summary
    Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:15:23.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-emptoris-cve20160329-url-redirect(111692)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-emptoris-cve20160329-url-redirect(111692)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-0329",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-emptoris-cve20160329-url-redirect(111692)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-0329",
        "datePublished": "2018-02-02T21:00:00.000Z",
        "dateReserved": "2015-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:15:23.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1450 (GCVE-0-2017-1450)

    Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-17 03:02
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1450",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1450",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:02:45.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1449 (GCVE-0-2017-1449)

    Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-17 00:56
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:30.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1449",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:05.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1447 (GCVE-0-2017-1447)

    Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-16 22:21
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1447",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:21:10.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1444 (GCVE-0-2017-1444)

    Vulnerability from nvd – Published: 2017-08-31 14:00 – Updated: 2024-09-17 02:46
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:30.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1444",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1444",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:42.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8953 (GCVE-0-2016-8953)

    Vulnerability from nvd – Published: 2017-07-12 17:00 – Updated: 2024-09-16 22:41
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8953",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:41:20.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8950 (GCVE-0-2016-8950)

    Vulnerability from nvd – Published: 2017-07-12 17:00 – Updated: 2024-09-17 03:03
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8950",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:37.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8948 (GCVE-0-2016-8948)

    Vulnerability from nvd – Published: 2017-07-12 17:00 – Updated: 2024-09-16 22:56
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8948",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8948",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:11.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8947 (GCVE-0-2016-8947)

    Vulnerability from nvd – Published: 2017-07-12 17:00 – Updated: 2024-09-16 17:42
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8947",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8947",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:36.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8946 (GCVE-0-2016-8946)

    Vulnerability from nvd – Published: 2017-07-12 17:00 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8946",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8946",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:10.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6114 (GCVE-0-2016-6114)

    Vulnerability from nvd – Published: 2017-07-12 17:00 – Updated: 2024-09-16 16:43
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:20.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-6114",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6114",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:43:44.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4896 (GCVE-0-2020-4896)

    Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-16 16:18
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2021-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6398284"
              },
              {
                "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2021-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/UI:N/C:L/S:U/A:N/AC:L/PR:N/AV:N/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-07T17:40:29.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6398284"
            },
            {
              "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-06T00:00:00",
              "ID": "CVE-2020-4896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6398284",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6398284 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/pages/node/6398284"
                },
                {
                  "name": "ibm-emptoris-cve20204896-cache-poisoning (190987)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190987"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4896",
        "datePublished": "2021-01-07T17:40:29.367Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:18:21.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4485 (GCVE-0-2019-4485)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:47.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194485-info-disc (164069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4485",
        "datePublished": "2019-08-20T18:25:27.111Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:37.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4484 (GCVE-0-2019-4484)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194484-info-disc (164068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4484",
        "datePublished": "2019-08-20T18:25:27.063Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:06.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4308 (GCVE-0-2019-4308)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194308-info-disc (161034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4308",
        "datePublished": "2019-08-20T18:25:26.552Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:47.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0329 (GCVE-0-2016-0329)

    Vulnerability from cvelistv5 – Published: 2018-02-02 21:00 – Updated: 2024-08-05 22:15
    VLAI
    Summary
    Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:15:23.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-emptoris-cve20160329-url-redirect(111692)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-02T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-emptoris-cve20160329-url-redirect(111692)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-0329",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-emptoris-cve20160329-url-redirect(111692)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111692"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982629"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-0329",
        "datePublished": "2018-02-02T21:00:00.000Z",
        "dateReserved": "2015-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:15:23.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1447 (GCVE-0-2017-1447)

    Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-16 22:21
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.641Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128172"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1447",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:21:10.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1449 (GCVE-0-2017-1449)

    Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-17 00:56
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:30.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128174"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1449",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:56:05.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1450 (GCVE-0-2017-1450)

    Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-17 03:02
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1450",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128177"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1450",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:02:45.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1444 (GCVE-0-2017-1444)

    Vulnerability from cvelistv5 – Published: 2017-08-31 14:00 – Updated: 2024-09-17 02:46
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2017-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:30.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2017-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T13:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-11T00:00:00",
              "ID": "CVE-2017-1444",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005834"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128110"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1444",
        "datePublished": "2017-08-31T14:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:46:42.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6114 (GCVE-0-2016-6114)

    Vulnerability from cvelistv5 – Published: 2017-07-12 17:00 – Updated: 2024-09-16 16:43
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:20.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-6114",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6114",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:43:44.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8953 (GCVE-0-2016-8953)

    Vulnerability from cvelistv5 – Published: 2017-07-12 17:00 – Updated: 2024-09-16 22:41
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118840"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8953",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:41:20.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8946 (GCVE-0-2016-8946)

    Vulnerability from cvelistv5 – Published: 2017-07-12 17:00 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8946",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118833"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8946",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:10.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8948 (GCVE-0-2016-8948)

    Vulnerability from cvelistv5 – Published: 2017-07-12 17:00 – Updated: 2024-09-16 22:56
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8948",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8948",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:11.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8950 (GCVE-0-2016-8950)

    Vulnerability from cvelistv5 – Published: 2017-07-12 17:00 – Updated: 2024-09-17 03:03
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.301Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118837"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8950",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:37.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-8947 (GCVE-0-2016-8947)

    Vulnerability from cvelistv5 – Published: 2017-07-12 17:00 – Updated: 2024-09-16 17:42
    VLAI
    Summary
    IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834
    Severity
    No CVSS data available.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 9.5
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:35:02.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
              },
              {
                "name": "99545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99545"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-13T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
            },
            {
              "name": "99545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99545"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-07-10T00:00:00",
              "ID": "CVE-2016-8947",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
                },
                {
                  "name": "99545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99545"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118834"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-8947",
        "datePublished": "2017-07-12T17:00:00.000Z",
        "dateReserved": "2016-10-25T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:36.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }