Vulnerabilities > IBM > Emptoris Contract Management > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-15 CVE-2015-5050 Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Contract Management
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
network
low complexity
ibm CWE-352
8.8
2016-02-15 CVE-2015-5042 Improper Input Validation vulnerability in IBM Emptoris Contract Management
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.
network
low complexity
ibm CWE-20
7.5