Vulnerabilities > IBM > Emptoris Services Procurement > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-30 CVE-2017-1442 Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Services Procurement
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-08-30 CVE-2017-1440 Code Injection vulnerability in IBM Emptoris Services Procurement
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files.
network
low complexity
ibm CWE-94
8.8