Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-07	CVE-2020-4895	Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. network low complexity ibm CWE-79	5.4
2021-01-07	CVE-2020-4893	Cleartext Transmission of Sensitive Information vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. network high complexity ibm CWE-319	5.9
2017-08-14	CVE-2017-1190	Unspecified vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. local high complexity ibm	6.4
2017-08-14	CVE-2016-6029	Information Exposure vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. network high complexity ibm CWE-200	5.9
2017-08-14	CVE-2016-6021	Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-08-09	CVE-2017-1448	Open Redirect vulnerability in IBM products IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. network low complexity ibm CWE-601	5.4
2017-08-09	CVE-2016-8949	Open Redirect vulnerability in IBM products IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. network low complexity ibm CWE-601	5.4
2017-08-09	CVE-2016-6121	Cross-site Scripting vulnerability in IBM products IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-07-24	CVE-2016-6118	Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-07-13	CVE-2016-8952	Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4