N/A

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840.

N/A

N/A

IBM Emptoris Sourcing 安全漏洞

IBM Emptoris Sourcing是美国IBM公司的一套寻源到合同解决方案。该方案通过在寻源决策时考察成本、风险和绩效等因素，帮助企业从供应商那里获得实惠的价格和更大的价值。 IBM Emptoris Sourcing中存在安全漏洞。远程攻击者可通过诱使用户访问特制的网站利用该漏洞将用户重定向到任意网站，实施钓鱼攻击，获取敏感信息。以下版本受到影响：IBM Emptoris Sourcing 9.5.x版本，10.0.0版本，10.0.2版本，10.0.4版本，10.1.0版本，10.1.1版本。

N/A

N/A