PT-2016-3664 · Ibm · Ibm Emptoris Contract Management

Publicado

2016-02-15

Atualizado

2016-03-10

CVE-2015-5042

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM Emptoris Contract Management versions 9.5.0.x through 9.5.0.5, IBM Emptoris Contract Management versions 10.0.0.x through 10.0.1.4, IBM Emptoris Contract Management versions 10.0.2.x through 10.0.2.6, IBM Emptoris Contract Management version 10.0.4.0 through 10.0.4.2

Description The issue allows remote attackers to execute arbitrary code by including a crafted Flash file.

Recommendations For IBM Emptoris Contract Management versions 9.5.0.x, update to 9.5.0.6 iFix15 or later. For IBM Emptoris Contract Management versions 10.0.0.x and 10.0.1.x, update to 10.0.1.5 iFix5 or later. For IBM Emptoris Contract Management versions 10.0.2.x, update to 10.0.2.7 iFix4 or later. For IBM Emptoris Contract Management versions 10.0.4.x, update to 10.0.4.0 iFix3 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-5042

Produtos afetados

Ibm Emptoris Contract Management

PT-2016-3664 · Ibm · Ibm Emptoris Contract Management

CVE-2015-5042

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2