What is the severity of CVE-2017-1098?

CVE-2017-1098 is classified as a high severity vulnerability due to its impact on the confidentiality of user credentials.

How do I fix CVE-2017-1098?

To fix CVE-2017-1098, upgrade to the latest version of IBM Emptoris Supplier Lifecycle Management that addresses this vulnerability.

What causes CVE-2017-1098?

CVE-2017-1098 is caused by a cross-site scripting vulnerability that allows arbitrary JavaScript code to be executed in the web user interface.

Who is affected by CVE-2017-1098?

Users of IBM Emptoris Supplier Lifecycle Management versions 10.1.0.0 to 10.1.0.13 are affected by CVE-2017-1098.

Can CVE-2017-1098 lead to further attacks?

Yes, CVE-2017-1098 could potentially lead to further attacks, including credential disclosure within a trusted session.

Vulnerability/
CVE-2017-1098

medium

5.4

CWE

7/9/2017

5/8/2024

CVE-2017-1098: XSS

First published: Thu Sep 07 2017(Updated: )

IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Emptoris Supplier Lifecycle Management	=10.1.0.0
IBM Emptoris Supplier Lifecycle Management	=10.1.0.1
IBM Emptoris Supplier Lifecycle Management	=10.1.0.2
IBM Emptoris Supplier Lifecycle Management	=10.1.0.3
IBM Emptoris Supplier Lifecycle Management	=10.1.0.4
IBM Emptoris Supplier Lifecycle Management	=10.1.0.5
IBM Emptoris Supplier Lifecycle Management	=10.1.0.6
IBM Emptoris Supplier Lifecycle Management	=10.1.0.7
IBM Emptoris Supplier Lifecycle Management	=10.1.0.8
IBM Emptoris Supplier Lifecycle Management	=10.1.0.9
IBM Emptoris Supplier Lifecycle Management	=10.1.0.10
IBM Emptoris Supplier Lifecycle Management	=10.1.0.11
IBM Emptoris Supplier Lifecycle Management	=10.1.0.12
IBM Emptoris Supplier Lifecycle Management	=10.1.0.13

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1098?
CVE-2017-1098 is classified as a high severity vulnerability due to its impact on the confidentiality of user credentials.
How do I fix CVE-2017-1098?
To fix CVE-2017-1098, upgrade to the latest version of IBM Emptoris Supplier Lifecycle Management that addresses this vulnerability.
What causes CVE-2017-1098?
CVE-2017-1098 is caused by a cross-site scripting vulnerability that allows arbitrary JavaScript code to be executed in the web user interface.
Who is affected by CVE-2017-1098?
Users of IBM Emptoris Supplier Lifecycle Management versions 10.1.0.0 to 10.1.0.13 are affected by CVE-2017-1098.
Can CVE-2017-1098 lead to further attacks?
Yes, CVE-2017-1098 could potentially lead to further attacks, including credential disclosure within a trusted session.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/ibm
canonical/ibm emptoris supplier lifecycle management
version/ibm emptoris supplier lifecycle management/10.1.0.0
version/ibm emptoris supplier lifecycle management/10.1.0.1
version/ibm emptoris supplier lifecycle management/10.1.0.2
version/ibm emptoris supplier lifecycle management/10.1.0.3
version/ibm emptoris supplier lifecycle management/10.1.0.4
version/ibm emptoris supplier lifecycle management/10.1.0.5
version/ibm emptoris supplier lifecycle management/10.1.0.6
version/ibm emptoris supplier lifecycle management/10.1.0.7
version/ibm emptoris supplier lifecycle management/10.1.0.8
version/ibm emptoris supplier lifecycle management/10.1.0.9
version/ibm emptoris supplier lifecycle management/10.1.0.10
version/ibm emptoris supplier lifecycle management/10.1.0.11
version/ibm emptoris supplier lifecycle management/10.1.0.12
version/ibm emptoris supplier lifecycle management/10.1.0.13

Frequently Asked Questions

What is the severity of CVE-2017-1098?
CVE-2017-1098 is classified as a high severity vulnerability due to its impact on the confidentiality of user credentials.
How do I fix CVE-2017-1098?
To fix CVE-2017-1098, upgrade to the latest version of IBM Emptoris Supplier Lifecycle Management that addresses this vulnerability.
What causes CVE-2017-1098?
CVE-2017-1098 is caused by a cross-site scripting vulnerability that allows arbitrary JavaScript code to be executed in the web user interface.
Who is affected by CVE-2017-1098?
Users of IBM Emptoris Supplier Lifecycle Management versions 10.1.0.0 to 10.1.0.13 are affected by CVE-2017-1098.
Can CVE-2017-1098 lead to further attacks?
Yes, CVE-2017-1098 could potentially lead to further attacks, including credential disclosure within a trusted session.

CVE-2017-1098: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1098?

How do I fix CVE-2017-1098?

What causes CVE-2017-1098?

Who is affected by CVE-2017-1098?

Can CVE-2017-1098 lead to further attacks?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-1098?

How do I fix CVE-2017-1098?

What causes CVE-2017-1098?

Who is affected by CVE-2017-1098?

Can CVE-2017-1098 lead to further attacks?