VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 26, 2014· Updated May 6, 2026

CVE-2014-3040

CVE-2014-3040

Description

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected products

41
  • IBM/Emptoris Spend Analysis11 versions
    cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:9.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_spend_analysis:10.0.2.2:*:*:*:*:*:*:*
  • IBM/Emptoris Sourcing Portfolio13 versions
    cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:9.5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_sourcing_portfolio:10.0.2.3:*:*:*:*:*:*:*
  • IBM/Emptoris Contract Management17 versions
    cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.