Arbitrary Code Execution in IBM Emptoris Strategic Supply Management Platform
CVE-2017-1190

6.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
4 August 2017

Summary

The IBM Emptoris Strategic Supply Management Platform versions 10.x and 10.1 are susceptible to an arbitrary code execution vulnerability. This issue arises when a local user with specialized access permissions manipulates specific properties within the system. Successful exploitation could allow the attacker to execute arbitrary code, thereby gaining unauthorized control over the system, which can lead to severe data compromise and operational disruption.

Affected Version(s)

Emptoris Strategic Supply Management 10.0.0.0

Emptoris Strategic Supply Management 10.0.1.0

Emptoris Strategic Supply Management 10.0.2.0

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.