Cross-Site Request Forgery in IBM Emptoris Strategic Supply Management Platform
CVE-2017-1097

8.8HIGH

Key Information:

Vendor: IBM
Status: Emptoris Strategic Supply Management
Vendor: CVE Published:; 5 September 2017

What is CVE-2017-1097?

IBM Emptoris Strategic Supply Management Platform versions 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery (CSRF). This weakness allows attackers to exploit the trust established between a user and the platform by executing unauthorized commands on behalf of legitimate users. As a result, sensitive operations may be performed without the user's consent, posing significant security risks. For further details, visit the IBM support documentation or the IBM X-Force Exchange.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Emptoris Strategic Supply Management 10.0.0.0

Emptoris Strategic Supply Management 10.0.1.0

Emptoris Strategic Supply Management 10.0.2.0

References

http://www.ibm.com/support/docview.wss?uid=swg22006963

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/120657

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2017
Vulnerability Reserved
Nov 30, 2016

JSON

IBM

What is CVE-2017-1097?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.