Lucene search

IbmCVE-2015-4971

HistoryOct 06, 2015 - 1:59 a.m.

CVE-2015-4971

2015-10-0601:59:13

CWE-79

ibm

web.nvd.nist.gov

cve-2015-4971

xss

ibm emptoris

security vulnerability

web script injection

html injection

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

27.4%

JSON

Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

Nvd

Node

ibmemptorisMatchsupplier_lifecycle_management10.0.0.0

ibmemptorisMatchsupplier_lifecycle_management10.0.0.1

ibmemptorisMatchsupplier_lifecycle_management10.0.0.2

ibmemptorisMatchsupplier_lifecycle_management10.0.0.3

ibmemptorisMatchsupplier_lifecycle_management10.0.1.0

ibmemptorisMatchsupplier_lifecycle_management10.0.1.1

ibmemptorisMatchsupplier_lifecycle_management10.0.1.2

ibmemptorisMatchsupplier_lifecycle_management10.0.2.0

ibmemptorisMatchsupplier_lifecycle_management10.0.2.2

ibmemptorisMatchsupplier_lifecycle_management10.0.2.3

ibmemptorisMatchsupplier_lifecycle_management10.0.2.5

ibmemptorisMatchsupplier_lifecycle_management10.0.2.6

ibmemptorisMatchsupplier_lifecycle_management10.0.2.7

Node

ibmemptorisMatchstrategic_supply_management10.0.0.0

ibmemptorisMatchstrategic_supply_management10.0.0.1

ibmemptorisMatchstrategic_supply_management10.0.0.2

ibmemptorisMatchstrategic_supply_management10.0.0.3

ibmemptorisMatchstrategic_supply_management10.0.1.0

ibmemptorisMatchstrategic_supply_management10.0.1.1

ibmemptorisMatchstrategic_supply_management10.0.1.2

ibmemptorisMatchstrategic_supply_management10.0.1.3

ibmemptorisMatchstrategic_supply_management10.0.1.4

ibmemptorisMatchstrategic_supply_management10.0.2.0

ibmemptorisMatchstrategic_supply_management10.0.2.1

ibmemptorisMatchstrategic_supply_management10.0.2.2

ibmemptorisMatchstrategic_supply_management10.0.2.3

ibmemptorisMatchstrategic_supply_management10.0.2.4

ibmemptorisMatchstrategic_supply_management10.0.2.5

ibmemptorisMatchstrategic_supply_management10.0.2.6

ibmemptorisMatchstrategic_supply_management10.0.2.7

Node

ibmemptoris_program_managementMatch10.0.0.0

ibmemptoris_program_managementMatch10.0.0.1

ibmemptoris_program_managementMatch10.0.0.2

ibmemptoris_program_managementMatch10.0.0.3

ibmemptoris_program_managementMatch10.0.1.0

ibmemptoris_program_managementMatch10.0.1.1

ibmemptoris_program_managementMatch10.0.1.2

ibmemptoris_program_managementMatch10.0.1.3

ibmemptoris_program_managementMatch10.0.1.4

ibmemptoris_program_managementMatch10.0.2.0

ibmemptoris_program_managementMatch10.0.2.1

ibmemptoris_program_managementMatch10.0.2.2

ibmemptoris_program_managementMatch10.0.2.3

ibmemptoris_program_managementMatch10.0.2.4

ibmemptoris_program_managementMatch10.0.2.5

ibmemptoris_program_managementMatch10.0.2.6

ibmemptoris_program_managementMatch10.0.2.7

VendorProductVersionCPE
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:*
ibmemptorissupplier_lifecycle_managementcpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.0::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.1::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.2::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.3::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.0::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.1::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.2::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.0::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.2::::::
ibm	emptoris	supplier_lifecycle_management	cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.3::::::

Rows per page:

1-10 of 471

References

www-01.ibm.com/support/docview.wss?uid=swg21966754

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

27.4%

JSON

Related for CVE-2015-4971