IBM Emptoris Contract Management Multiple CSRF Vulnerabilities

IBM Emptoris Contract Management Multiple CSRF Vulnerabilities

CVE-2015-5050 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Learn more about our Cis Benchmark Audit For Ibm I.