CVE-2015-5024

Published: Oct 6, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticated users to obtain sensitive supplier-bid information via unspecified vectors.

Affected (7)

Products: Ibm: Emptoris Sourcing

Ibm

1 product

Emptoris Sourcing

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Ibm Emptoris Sourcing	Version 10.0.2.0
Ibm Emptoris Sourcing	Version 10.0.2.2
Ibm Emptoris Sourcing	Version 10.0.2.3
Ibm Emptoris Sourcing	Version 10.0.2.5
Ibm Emptoris Sourcing	Version 10.0.2.6
Ibm Emptoris Sourcing	Version 10.0.2.7
Ibm Emptoris Sourcing	Version 10.0.4.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21967255

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21967255

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.