Web Cache Poisoning Vulnerability in IBM Emptoris Sourcing
CVE-2020-4896
6.5 MEDIUM
Summary
IBM Emptoris Sourcing versions 10.1.0, 10.1.1, and 10.1.3 are susceptible to web cache poisoning. This vulnerability arises from improper input validation, enabling attackers to manipulate HTTP request headers. As a result, malicious actors could exploit this flaw to serve poisoned content to users, compromising the integrity of the web cache system. Organizations using these versions of Emptoris Sourcing should take immediate action to mitigate this vulnerability.
Affected Version(s)
Emptoris Sourcing 10.1.0
Emptoris Sourcing 10.1.1
Emptoris Sourcing 10.1.3
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved