CVE-2015-4971

Published: Oct 6, 2015Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected (47)

Products: Ibm: Emptoris, Emptoris Program Management

Ibm

2 products

Emptoris

Emptoris Program Management

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Ibm Emptoris	Version supplier_lifecycle_management 10.0.0.0
Ibm Emptoris	Version supplier_lifecycle_management 10.0.0.1
Ibm Emptoris	Version supplier_lifecycle_management 10.0.0.2
Ibm Emptoris	Version supplier_lifecycle_management 10.0.0.3
Ibm Emptoris	Version supplier_lifecycle_management 10.0.1.0
Ibm Emptoris	Version supplier_lifecycle_management 10.0.1.1
Ibm Emptoris	Version supplier_lifecycle_management 10.0.1.2
Ibm Emptoris	Version supplier_lifecycle_management 10.0.2.0
Ibm Emptoris	Version supplier_lifecycle_management 10.0.2.2
Ibm Emptoris	Version supplier_lifecycle_management 10.0.2.3
Ibm Emptoris	Version supplier_lifecycle_management 10.0.2.5
Ibm Emptoris	Version supplier_lifecycle_management 10.0.2.6
Ibm Emptoris	Version supplier_lifecycle_management 10.0.2.7

Configuration B

17 vulnerable

Vulnerable Software	Affected Versions
Ibm Emptoris	Version strategic_supply_management 10.0.0.0
Ibm Emptoris	Version strategic_supply_management 10.0.0.1
Ibm Emptoris	Version strategic_supply_management 10.0.0.2
Ibm Emptoris	Version strategic_supply_management 10.0.0.3
Ibm Emptoris	Version strategic_supply_management 10.0.1.0
Ibm Emptoris	Version strategic_supply_management 10.0.1.1
Ibm Emptoris	Version strategic_supply_management 10.0.1.2
Ibm Emptoris	Version strategic_supply_management 10.0.1.3
Ibm Emptoris	Version strategic_supply_management 10.0.1.4
Ibm Emptoris	Version strategic_supply_management 10.0.2.0
Ibm Emptoris	Version strategic_supply_management 10.0.2.1
Ibm Emptoris	Version strategic_supply_management 10.0.2.2
Ibm Emptoris	Version strategic_supply_management 10.0.2.3
Ibm Emptoris	Version strategic_supply_management 10.0.2.4
Ibm Emptoris	Version strategic_supply_management 10.0.2.5
Ibm Emptoris	Version strategic_supply_management 10.0.2.6
Ibm Emptoris	Version strategic_supply_management 10.0.2.7

Configuration C

17 vulnerable

Vulnerable Software	Affected Versions
Ibm Emptoris Program Management	Version 10.0.0.0
Ibm Emptoris Program Management	Version 10.0.0.1
Ibm Emptoris Program Management	Version 10.0.0.2
Ibm Emptoris Program Management	Version 10.0.0.3
Ibm Emptoris Program Management	Version 10.0.1.0
Ibm Emptoris Program Management	Version 10.0.1.1
Ibm Emptoris Program Management	Version 10.0.1.2
Ibm Emptoris Program Management	Version 10.0.1.3
Ibm Emptoris Program Management	Version 10.0.1.4
Ibm Emptoris Program Management	Version 10.0.2.0
Ibm Emptoris Program Management	Version 10.0.2.1
Ibm Emptoris Program Management	Version 10.0.2.2
Ibm Emptoris Program Management	Version 10.0.2.3
Ibm Emptoris Program Management	Version 10.0.2.4
Ibm Emptoris Program Management	Version 10.0.2.5
Ibm Emptoris Program Management	Version 10.0.2.6
Ibm Emptoris Program Management	Version 10.0.2.7

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21966754

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21966754

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.