Cross-Site Scripting Vulnerability in IBM Emptoris Sourcing
CVE-2016-8950

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Emptoris Sourcing
Vendor: CVE Published:; 12 July 2017

🔔 Create IBM Vulnerability Alert

What is CVE-2016-8950?

IBM Emptoris Sourcing versions 9.5.x through 10.1.x are susceptible to a cross-site scripting vulnerability that allows attackers to insert arbitrary JavaScript code into the web interface. This exploitation can disrupt the application's intended functionality and potentially lead to unauthorized disclosure of user credentials within a trusted session.

Affected Version(s)

Emptoris Sourcing 9.5

Emptoris Sourcing 10.0.0

Emptoris Sourcing 10.0.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/118837

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22005549

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99545

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2017
Vulnerability Reserved
Oct 25, 2016

.