cpe:/a:ibm:emptoris_sourcing:9.5 cpe:/a:ibm:emptoris_sourcing:9.5.0.1 cpe:/a:ibm:emptoris_sourcing:9.5.0.2 cpe:/a:ibm:emptoris_sourcing:9.5.1.0 cpe:/a:ibm:emptoris_sourcing:9.5.1.1 cpe:/a:ibm:emptoris_sourcing:9.5.1.2 cpe:/a:ibm:emptoris_sourcing:9.5.1.3 cpe:/a:ibm:emptoris_sourcing:10.0.0 cpe:/a:ibm:emptoris_sourcing:10.0.1 cpe:/a:ibm:emptoris_sourcing:10.0.2 cpe:/a:ibm:emptoris_sourcing:10.0.4 cpe:/a:ibm:emptoris_sourcing:10.1.0 cpe:/a:ibm:emptoris_sourcing:10.1.1 cpe:/a:ibm:emptoris_sourcing:10.1.3 CVE-2017-1449 2017-08-31T10:29:00.337-04:00 2017-09-04T12:32:21.977-04:00 4.9 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL NONE http://nvd.nist.gov 2017-09-03T12:44:11.823-04:00 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg22005834 MISC https://exchange.xforce.ibmcloud.com/vulnerabilities/128174 IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174.