Web Cache Poisoning Vulnerability in IBM Emptoris Sourcing
CVE-2020-4896

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Emptoris Sourcing
Vendor: CVE Published:; 7 January 2021

Summary

IBM Emptoris Sourcing versions 10.1.0, 10.1.1, and 10.1.3 are susceptible to web cache poisoning. This vulnerability arises from improper input validation, enabling attackers to manipulate HTTP request headers. As a result, malicious actors could exploit this flaw to serve poisoned content to users, compromising the integrity of the web cache system. Organizations using these versions of Emptoris Sourcing should take immediate action to mitigate this vulnerability.

Affected Version(s)

Emptoris Sourcing 10.1.0

Emptoris Sourcing 10.1.1

Emptoris Sourcing 10.1.3

References

https://www.ibm.com/support/pages/node/6398284

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/190987

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2021
Vulnerability Reserved
Dec 30, 2019