{"containers": {"cna": {"affected": [{"product": "Emptoris Services Procurement", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.0.0.5"}]}], "datePublic": "2017-08-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-31T09:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"}, {"name": "99542", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99542"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-28T00:00:00", "ID": "CVE-2017-1440", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Emptoris Services Procurement", "version": {"version_data": [{"version_value": "10.0.0.5"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"}, {"name": "99542", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99542"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:32:29.769Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"}, {"name": "99542", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99542"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1440", "datePublished": "2017-08-30T21:00:00.000Z", "dateReserved": "2016-11-30T00:00:00.000Z", "dateUpdated": "2024-09-16T18:19:21.159Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C33906-5E82-4E6B-8366-DAF2D8E257C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "433B6F1E-A425-48AA-A122-A5C607B25BFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9178BB81-6C4E-4FE3-8C88-14FE4D93FEBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B126FA9F-D8F8-4089-A98B-E3E506685934", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D8A7113-0F4B-4E7A-AB03-C86794E54B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C4C2602-FF2D-4D16-941E-96C45D563327", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_services_procurement:10.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F195668-2897-4365-98C7-1F969AEF0822", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105."}, {"lang": "es", "value": "IBM Emptoris Services Procurement 10.0.0.5 podr\u00eda permitir a un atacante remoto incluir archivos arbitrarios. Un atacante remoto podr\u00eda enviar una URL especialmente manipulada para especificar un archivo malicioso desde un sistema remoto, que podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el servidor web vulnerable. IBM X-Force ID: 128105."}], "id": "CVE-2017-1440", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-30T21:29:00.367", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99542"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128105"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}