Web Cache Poisoning Vulnerability in IBM Emptoris Sourcing
CVE-2020-4896

6.5 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 7 January 2021

Summary

IBM Emptoris Sourcing versions 10.1.0, 10.1.1, and 10.1.3 are susceptible to web cache poisoning. This vulnerability arises from improper input validation, enabling attackers to manipulate HTTP request headers. As a result, malicious actors could exploit this flaw to serve poisoned content to users, compromising the integrity of the web cache system. Organizations using these versions of Emptoris Sourcing should take immediate action to mitigate this vulnerability.

Affected Version(s)

Emptoris Sourcing 10.1.0

Emptoris Sourcing 10.1.1

Emptoris Sourcing 10.1.3

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
