Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2014-3040

EPSS 0.24% · P47
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3040

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款IBM Emptoris产品跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM Emptoris Contract Management、IBM Emptoris Sourcing Portfolio和IBM Emptoris Spend Analysis都是美国IBM公司的采购解决方案中的产品。IBM Emptoris Contract Management是一套可实现合同生命周期自动化的软件。IBM Emptoris Sourcing Portfolio是一套采购解决方案中的用于简化复杂的寻源决策和活动从而更好地进行战略寻源的产品。IBM Emptoris Spend A
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-3040

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-3040

登录查看更多情报信息。

Vendor Advisories for CVE-2014-3040 (7)

Same Patch Batch · n/a · 2014-08-26 · 21 CVEs total

CVE-2014-3524Apache OpenOffice Calc 远程命令注入漏洞
CVE-2014-4790IBM Emptoris Sourcing Portfolio和Emptoris Spend Analysis 权限许可和访问控制漏洞
CVE-2014-3335Cisco IOS XR on ASR 9000 输入验证漏洞
CVE-2014-3033IBM Emptoris Sourcing Portfolio 跨站脚本漏洞
CVE-2013-6335IBM Tivoli Storage Manager for Space Management 权限许可和访问控制问题漏洞
CVE-2014-5336Monkey HTTP Server‘mk_request_free()’函数输入验证错误漏洞
CVE-2014-5307多款Panda Security产品堆溢出漏洞
CVE-2014-5263QEMU 'vmstate_xhci_event'字段缓冲区溢出漏洞
CVE-2014-5035Opendaylight Netconf Service XML外部实体注入漏洞
CVE-2014-3907WordPress MailPoet Newsletters插件跨站请求伪造漏洞
CVE-2014-0480Django ‘core.urlresolvers.reverse’函数输入验证漏洞
CVE-2014-3061IBM Emptoris Spend Analysis 跨站请求伪造漏洞
CVE-2014-3041IBM Emptoris Contract Management SQL注入漏洞
CVE-2014-3035IBM Emptoris Spend Analysis 跨站脚本漏洞
CVE-2014-3034IBM Emptoris Contract Management 跨站脚本漏洞
CVE-2014-2528KDirStat kcleanup.cpp脚本安全漏洞
CVE-2014-2527KDirStat kcleanup.cpp脚本安全漏洞
CVE-2014-0483Django 权限许可和访问控制漏洞
CVE-2014-0482Django 授权问题漏洞
CVE-2014-0481Django 配置错误漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-3040

No comments yet

Leave a comment