PT-2016-3664 · Ibm · Ibm Emptoris Contract Management
Published
2016-02-15
·
Updated
2016-03-10
·
CVE-2015-5042
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Emptoris Contract Management versions 9.5.0.x through 9.5.0.5,
IBM Emptoris Contract Management versions 10.0.0.x through 10.0.1.4,
IBM Emptoris Contract Management versions 10.0.2.x through 10.0.2.6,
IBM Emptoris Contract Management version 10.0.4.0 through 10.0.4.2
Description
The issue allows remote attackers to execute arbitrary code by including a crafted Flash file.
Recommendations
For IBM Emptoris Contract Management versions 9.5.0.x, update to 9.5.0.6 iFix15 or later.
For IBM Emptoris Contract Management versions 10.0.0.x and 10.0.1.x, update to 10.0.1.5 iFix5 or later.
For IBM Emptoris Contract Management versions 10.0.2.x, update to 10.0.2.7 iFix4 or later.
For IBM Emptoris Contract Management versions 10.0.4.x, update to 10.0.4.0 iFix3 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Emptoris Contract Management