Phishing Vulnerability in IBM Emptoris Supplier Lifecycle Management
CVE-2017-1448

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Emptoris Supplier Lifecycle Management
Vendor
CVE Published:
9 August 2017

Summary

IBM Emptoris Supplier Lifecycle Management versions 10.0.x and 10.1.x contain a vulnerability that enables remote attackers to execute phishing attacks. By manipulating the redirection process, an attacker can create a deceptive URL that lures victims to click on it, leading them to a malicious website disguised as a trusted source. This exploit can facilitate the extraction of sensitive information or initiate additional attacks on the victim, significantly endangering data security.

Affected Version(s)

Emptoris Supplier Lifecycle Management 10.1.0.0

Emptoris Supplier Lifecycle Management 10.0.0.0

Emptoris Supplier Lifecycle Management 10.0.1.0

References

http://www.ibm.com/support/docview.wss?uid=swg22006854
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/128173
x_refsource_MISC
http://www.securityfocus.com/bid/100222
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.