Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Emptoris Spend Analysis | 9.5.0.0 |
| Ibm | Emptoris Sourcing Portfolio | 9.5.0.0 |
| Ibm | Emptoris Contract Management | 9.5.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/60479
- http://secunia.com/advisories/60480
- http://secunia.com/advisories/60481
- http://www-01.ibm.com/support/docview.wss?uid=swg21680370Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21680665Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21681277Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93306
- http://secunia.com/advisories/60479
- http://secunia.com/advisories/60480
- http://secunia.com/advisories/60481
- http://www-01.ibm.com/support/docview.wss?uid=swg21680370Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21680665Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21681277Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93306
FAQ
What is CVE-2014-3040?
CVE-2014-3040 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2...
How severe is CVE-2014-3040?
CVE-2014-3040 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3040?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Emptoris Spend Analysis, Ibm Emptoris Sourcing Portfolio, Ibm Emptoris Contract Management.