Cross-Site Scripting Vulnerability in IBM Emptoris Services Procurement
CVE-2017-1443

6.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 30 August 2017

Summary

IBM Emptoris Services Procurement version 10.0.0.5 is susceptible to a cross-site scripting vulnerability that enables attackers to inject and execute arbitrary JavaScript code through the web interface. Exploitation can lead to unauthorized manipulation of content and the potential disclosure of sensitive credentials within an authenticated session. Users accessing the web application can be misled into executing malicious scripts, thereby compromising their accounts and exposing sensitive information. Users of this product should implement security best practices and update to a patched version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Emptoris Services Procurement 10.0.0.5

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
