Arbitrary Code Execution in IBM Emptoris Strategic Supply Management Platform
CVE-2017-1190
6.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 4 August 2017
Summary
The IBM Emptoris Strategic Supply Management Platform versions 10.x and 10.1 are susceptible to an arbitrary code execution vulnerability. This issue arises when a local user with specialized access permissions manipulates specific properties within the system. Successful exploitation could allow the attacker to execute arbitrary code, thereby gaining unauthorized control over the system, which can lead to severe data compromise and operational disruption.
Affected Version(s)
Emptoris Strategic Supply Management 10.0.0.0
Emptoris Strategic Supply Management 10.0.1.0
Emptoris Strategic Supply Management 10.0.2.0
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved