Vulnerability Name:

CVE-2017-1190 (CCN-123559)

Assigned:2016-11-30
Published:2017-08-04
Updated:2019-10-03
Summary:IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
CVSS v3 Severity:6.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2017-1190

Source: CCN
Type: IBM Security Bulletin 2006799 (Emptoris Strategic Supply Management)
Multiple vulnerabilities addressed in IBM Emptoris Strategic Supply Management (CVE-2016-6021, CVE-2016-6029, CVE-2017-1190)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22006799

Source: MISC
Type: VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/123559

Source: XF
Type: UNKNOWN
ibm-emptoris-cve20171190-command-exec(123559)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:emptoris:strategic_supply_management:10.0.0.0:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris:strategic_supply_management:10.0.1.0:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris:strategic_supply_management:10.0.2.0:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.1.1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:emptoris:strategic_supply_management:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm emptoris strategic supply management 10.0.0.0
    ibm emptoris strategic supply management 10.0.0.1
    ibm emptoris strategic supply management 10.0.0.2
    ibm emptoris strategic supply management 10.0.0.3
    ibm emptoris strategic supply management 10.0.1.0
    ibm emptoris strategic supply management 10.0.1.1
    ibm emptoris strategic supply management 10.0.1.2
    ibm emptoris strategic supply management 10.0.1.3
    ibm emptoris strategic supply management 10.0.1.4
    ibm emptoris strategic supply management 10.0.2.0
    ibm emptoris strategic supply management 10.0.2.1
    ibm emptoris strategic supply management 10.0.2.2
    ibm emptoris strategic supply management 10.0.2.3
    ibm emptoris strategic supply management 10.0.2.4
    ibm emptoris strategic supply management 10.0.2.5
    ibm emptoris strategic supply management 10.0.2.6
    ibm emptoris strategic supply management 10.0.2.7
    ibm emptoris strategic supply management 10.0.2.8
    ibm emptoris strategic supply management 10.0.2.9
    ibm emptoris strategic supply management 10.0.2.10
    ibm emptoris strategic supply management 10.0.2.11
    ibm emptoris strategic supply management 10.0.2.12
    ibm emptoris strategic supply management 10.0.2.13
    ibm emptoris strategic supply management 10.0.2.14
    ibm emptoris strategic supply management 10.0.2.15
    ibm emptoris strategic supply management 10.0.4.0
    ibm emptoris strategic supply management 10.1.0.0
    ibm emptoris strategic supply management 10.1.0.1
    ibm emptoris strategic supply management 10.1.0.2
    ibm emptoris strategic supply management 10.1.0.3
    ibm emptoris strategic supply management 10.1.0.4
    ibm emptoris strategic supply management 10.1.0.5
    ibm emptoris strategic supply management 10.1.0.6
    ibm emptoris strategic supply management 10.1.0.7
    ibm emptoris strategic supply management 10.1.0.8
    ibm emptoris strategic supply management 10.1.0.9
    ibm emptoris strategic supply management 10.1.0.10
    ibm emptoris strategic supply management 10.1.1.0
    ibm emptoris strategic supply management 10.1.1.1
    ibm emptoris strategic supply management 10.1.1.2
    ibm emptoris strategic supply management 10.1.1.3
    ibm emptoris strategic supply management 10.1.1.4
    ibm emptoris strategic supply management 10.1.1.5
    ibm emptoris strategic supply management 10.1.1.6
    ibm emptoris strategic supply management 10.1.1.7
    ibm emptoris strategic supply management 10.1.1.8
    ibm emptoris strategic_supply_management 10.0.0.0
    ibm emptoris strategic_supply_management 10.0.1.0
    ibm emptoris strategic_supply_management 10.0.2.0
    ibm emptoris strategic supply management 10.0.4.0
    ibm emptoris strategic supply management 10.1.0.0
    ibm emptoris strategic supply management 10.1.1.0
    ibm emptoris strategic_supply_management