Arbitrary Code Execution via Crafted Flash File in IBM Emptoris Contract Management

Arbitrary Code Execution via Crafted Flash File in IBM Emptoris Contract Management

CVE-2015-5042 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.

Learn more about our Web Application Penetration Testing UK.