CVE-2015-5042

HIGH

IBM Emptoris Contract Management RCE via Crafted Flash File

Title source: llm
STIX 2.1

Description

IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21973592

Scores

CVSS v3 7.5
EPSS 0.0176
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (24)
ibm/emptoris_contract_management 9.5.0.0
ibm/emptoris_contract_management 9.5.0.1
ibm/emptoris_contract_management 9.5.0.2
ibm/emptoris_contract_management 9.5.0.3
ibm/emptoris_contract_management 9.5.0.4
ibm/emptoris_contract_management 9.5.0.5
ibm/emptoris_contract_management 9.5.0.6
ibm/emptoris_contract_management 10.0.0.0
ibm/emptoris_contract_management 10.0.0.1
ibm/emptoris_contract_management 10.0.1.0
... and 14 more
Published Feb 15, 2016
Tracked Since Feb 18, 2026