Cross-Site Scripting Vulnerability in IBM Emptoris Supplier Lifecycle Management
CVE-2017-1098

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Emptoris Supplier Lifecycle Management
Vendor: CVE Published:; 7 September 2017

What is CVE-2017-1098?

IBM Emptoris Supplier Lifecycle Management version 10.1.0.x is vulnerable to cross-site scripting, allowing attackers to inject arbitrary JavaScript code into the web interface. This can lead to unauthorized access, enabling an attacker to manipulate session data and potentially disclose sensitive user credentials within a trusted session environment.

References

http://www.ibm.com/support/docview.wss?uid=swg22005824

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/120658

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2017
Vulnerability Reserved
Nov 30, 2016