Lucene search
HistoryOct 06, 2015 - 1:59 a.m.
CVE-2015-4971
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
27.4%
Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Affected configurations
Node
ibmemptorisMatchsupplier_lifecycle_management10.0.0.0
ORibmemptorisMatchsupplier_lifecycle_management10.0.0.1
ORibmemptorisMatchsupplier_lifecycle_management10.0.0.2
ORibmemptorisMatchsupplier_lifecycle_management10.0.0.3
ORibmemptorisMatchsupplier_lifecycle_management10.0.1.0
ORibmemptorisMatchsupplier_lifecycle_management10.0.1.1
ORibmemptorisMatchsupplier_lifecycle_management10.0.1.2
ORibmemptorisMatchsupplier_lifecycle_management10.0.2.0
ORibmemptorisMatchsupplier_lifecycle_management10.0.2.2
ORibmemptorisMatchsupplier_lifecycle_management10.0.2.3
ORibmemptorisMatchsupplier_lifecycle_management10.0.2.5
ORibmemptorisMatchsupplier_lifecycle_management10.0.2.6
ORibmemptorisMatchsupplier_lifecycle_management10.0.2.7
Node
ibmemptorisMatchstrategic_supply_management10.0.0.0
ORibmemptorisMatchstrategic_supply_management10.0.0.1
ORibmemptorisMatchstrategic_supply_management10.0.0.2
ORibmemptorisMatchstrategic_supply_management10.0.0.3
ORibmemptorisMatchstrategic_supply_management10.0.1.0
ORibmemptorisMatchstrategic_supply_management10.0.1.1
ORibmemptorisMatchstrategic_supply_management10.0.1.2
ORibmemptorisMatchstrategic_supply_management10.0.1.3
ORibmemptorisMatchstrategic_supply_management10.0.1.4
ORibmemptorisMatchstrategic_supply_management10.0.2.0
ORibmemptorisMatchstrategic_supply_management10.0.2.1
ORibmemptorisMatchstrategic_supply_management10.0.2.2
ORibmemptorisMatchstrategic_supply_management10.0.2.3
ORibmemptorisMatchstrategic_supply_management10.0.2.4
ORibmemptorisMatchstrategic_supply_management10.0.2.5
ORibmemptorisMatchstrategic_supply_management10.0.2.6
ORibmemptorisMatchstrategic_supply_management10.0.2.7
Node
ibmemptoris_program_managementMatch10.0.0.0
ORibmemptoris_program_managementMatch10.0.0.1
ORibmemptoris_program_managementMatch10.0.0.2
ORibmemptoris_program_managementMatch10.0.0.3
ORibmemptoris_program_managementMatch10.0.1.0
ORibmemptoris_program_managementMatch10.0.1.1
ORibmemptoris_program_managementMatch10.0.1.2
ORibmemptoris_program_managementMatch10.0.1.3
ORibmemptoris_program_managementMatch10.0.1.4
ORibmemptoris_program_managementMatch10.0.2.0
ORibmemptoris_program_managementMatch10.0.2.1
ORibmemptoris_program_managementMatch10.0.2.2
ORibmemptoris_program_managementMatch10.0.2.3
ORibmemptoris_program_managementMatch10.0.2.4
ORibmemptoris_program_managementMatch10.0.2.5
ORibmemptoris_program_managementMatch10.0.2.6
ORibmemptoris_program_managementMatch10.0.2.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.0:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.1:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.2:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.0.3:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.0:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.1:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.1.2:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.0:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.2:*:*:*:*:*:* |
| ibm | emptoris | supplier_lifecycle_management | cpe:2.3:a:ibm:emptoris:supplier_lifecycle_management:10.0.2.3:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2015-10-06 01:59:00
cvelist
cvelist
CVE-2015-4971
2015-10-05 10:00:00
cve
cve
CVE-2015-4971
2015-10-06 01:59:13
ibm
ibm
Security Bulletins for Emptoris Supplier Lifecycle Management
2018-12-08 13:10:02
Security Bulletins for Emptoris Program Management
2018-12-08 16:15:01
Security Bulletins for Emptoris Strategic Supply Management Platform.
2020-11-02 19:28:22
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
27.4%
Related for NVD:CVE-2015-4971