Vulnerabilities > IBM > Emptoris Strategic Supply Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2020-4898 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-01-07 | CVE-2020-4895 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-01-07 | CVE-2020-4893 | Cleartext Transmission of Sensitive Information vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. | 5.9 |
| 2017-09-05 | CVE-2017-1097 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-08-14 | CVE-2017-1190 | Unspecified vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. | 6.4 |
| 2017-08-14 | CVE-2016-6029 | Information Exposure vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-08-14 | CVE-2016-6021 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-09 | CVE-2017-1448 | Open Redirect vulnerability in IBM products IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
| 2017-08-09 | CVE-2016-8949 | Open Redirect vulnerability in IBM products IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
| 2017-08-09 | CVE-2016-6121 | Cross-site Scripting vulnerability in IBM products IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. | 5.4 |