CSRF Vulnerability in IBM Emptoris Products
CVE-2014-3040

Currently unrated

Key Information:

Vendor: IBM
Status: Emptoris Spend Analysis
Vendor: CVE Published:; 26 August 2014

Summary

A CSRF vulnerability exists in various IBM Emptoris products, allowing remote authenticated users to exploit the system, potentially hijacking the authentication of arbitrary users. This can lead to unauthorized actions within the application, as it allows attackers to insert XSS sequences. The flaw affects multiple versions of Emptoris Contract Management, Sourcing Portfolio, and Spend Analysis, making it vital for users to apply the latest patches to secure their systems.

References

http://secunia.com/advisories/60480

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/60479

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21681277

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 26, 2014
Vulnerability Reserved
Apr 29, 2014