CVE-2015-4939 — MEDIUM (4.3)

Vulnerability Description

Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Emptoris Program Management	10.0.0.0
Ibm	Emptoris Supplier Lifecycle Management	10.0.0.0
Ibm	Emptoris Strategic Supply Management	10.0.0.0

Related Weaknesses (CWE)

CWE-79

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966754PatchVendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21966754PatchVendor Advisory

FAQ

What is CVE-2015-4939?

CVE-2015-4939 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0....

How severe is CVE-2015-4939?

CVE-2015-4939 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4939?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Emptoris Program Management, Ibm Emptoris Supplier Lifecycle Management, Ibm Emptoris Strategic Supply Management.