CVE-2014-3040

Name of the Vulnerable Software and Affected Versions IBM Emptoris Contract Management versions 9.5.x through 9.5.0.6 iFix 9, 10.0.0.x through 10.0.0.1 iFix 9, 10.0.1.x through 10.0.1.3, and 10.0.2.x through 10.0.2.1 iFix 1 IBM Emptoris Sourcing Portfolio versions 9.5.x through 9.5.1.2, 10.0.0.x through 10.0.0.0, 10.0.1.x through 10.0.1.2, and 10.0.2.x through 10.0.2.3 IBM Emptoris Spend Analysis versions 9.5.x through 9.5.0.3, 10.0.1.x through 10.0.1.2, and 10.0.2.x through 10.0.2.3

Description A cross-site request forgery (CSRF) issue allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Recommendations For IBM Emptoris Contract Management versions 9.5.x through 9.5.0.6 iFix 9, update to version 9.5.0.6 iFix 10. For IBM Emptoris Contract Management versions 10.0.0.x through 10.0.0.1 iFix 9, update to version 10.0.0.1 iFix 10. For IBM Emptoris Contract Management versions 10.0.1.x through 10.0.1.3, update to version 10.0.1.4. For IBM Emptoris Contract Management versions 10.0.2.x through 10.0.2.1 iFix 1, update to version 10.0.2.2 iFix 2. For IBM Emptoris Sourcing Portfolio versions 9.5.x through 9.5.1.2, update to version 9.5.1.3. For IBM Emptoris Sourcing Portfolio versions 10.0.0.x through 10.0.0.0, update to version 10.0.0.1. For IBM Emptoris Sourcing Portfolio versions 10.0.1.x through 10.0.1.2, update to version 10.0.1.3. For IBM Emptoris Sourcing Portfolio versions 10.0.2.x through 10.0.2.3, update to version 10.0.2.4. For IBM Emptoris Spend Analysis versions 9.5.x through 9.5.0.3, update to version 9.5.0.4. For IBM Emptoris Spend Analysis versions 10.0.1.x through 10.0.1.2, update to version 10.0.1.3. For IBM Emptoris Spend Analysis versions 10.0.2.x through 10.0.2.3, update to version 10.0.2.4.