Description
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Published: 2016-02-15
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2015-5067 Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
History

No history.

Subscriptions

Ibm Emptoris Contract Management
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2024-08-06T06:32:32.731Z

Reserved: 2015-06-24T00:00:00.000Z

Link: CVE-2015-5050

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2016-02-15T02:59:08.530

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-5050

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses