CVE-2016-8947

MEDIUM

IBM Emptoris Sourcing <10.1.x - Open Redirect

Title source: llm

Description

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834

References (3)

Scores

CVSS v3 6.1
EPSS 0.0021
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (18)
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
ibm/emptoris_sourcing
... and 8 more
Published Jul 12, 2017
Tracked Since Feb 18, 2026