Ibm: >> Emptoris Contract Management >> 10.0.4.0 Security Vulnerabilities
IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-04-29
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-07-19
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-02-15
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS Score
8.8
EPSS Score
0.001
Published
2016-02-15
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-02-15