PT-2018-4610 · Ibm · Ibm Emptoris Sourcing

Published

2018-02-02

Updated

2018-02-16

CVE-2016-0329

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM Emptoris Sourcing versions 10.0.0.x through 10.0.0.1 iFix2 IBM Emptoris Sourcing versions 10.0.1.x through 10.0.1.3 iFix2 IBM Emptoris Sourcing versions 10.0.2.x through 10.0.2.8 IBM Emptoris Sourcing versions 10.0.4.0 through 10.0.4.0 iFix7 IBM Emptoris Sourcing versions 10.1.0.0 through 10.1.0.0 iFix2

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.

Recommendations For IBM Emptoris Sourcing versions 10.0.0.x, update to 10.0.0.1 iFix3 or later. For IBM Emptoris Sourcing versions 10.0.1.x, update to 10.0.1.3 iFix3 or later. For IBM Emptoris Sourcing versions 10.0.2.x, update to 10.0.2.8 iFix1 or later. For IBM Emptoris Sourcing versions 10.0.4.0, update to 10.0.4.0 iFix8 or later. For IBM Emptoris Sourcing versions 10.1.0.0, update to 10.1.0.0 iFix3 or later.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2016-0329

Affected Products

Ibm Emptoris Sourcing

PT-2018-4610 · Ibm · Ibm Emptoris Sourcing

CVE-2016-0329

Weakness Enumeration

Related Identifiers

Affected Products

References · 4