Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities found for Contract Management by IBM

    CVE-2019-4485 (GCVE-0-2019-4485)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:47.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194485-info-disc (164069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4485",
        "datePublished": "2019-08-20T18:25:27.111Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:37.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4484 (GCVE-0-2019-4484)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194484-info-disc (164068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4484",
        "datePublished": "2019-08-20T18:25:27.063Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:06.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4483 (GCVE-0-2019-4483)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/I:H/PR:L/S:U/AV:N/AC:L/C:L/A:L/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4483",
        "datePublished": "2019-08-20T18:25:27.014Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:43.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4481 (GCVE-0-2019-4481)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:10
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/C:L/A:L/AC:L/S:U/AV:N/UI:N/PR:L/I:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4481",
        "datePublished": "2019-08-20T18:25:26.966Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:10:37.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4308 (GCVE-0-2019-4308)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194308-info-disc (161034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4308",
        "datePublished": "2019-08-20T18:25:26.552Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:47.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4483 (GCVE-0-2019-4483)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/I:H/PR:L/S:U/AV:N/AC:L/C:L/A:L/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4483",
        "datePublished": "2019-08-20T18:25:27.014Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:43.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4485 (GCVE-0-2019-4485)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:47.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194485-info-disc (164069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4485",
        "datePublished": "2019-08-20T18:25:27.111Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:37.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4484 (GCVE-0-2019-4484)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194484-info-disc (164068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4484",
        "datePublished": "2019-08-20T18:25:27.063Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:06.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4481 (GCVE-0-2019-4481)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:10
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/C:L/A:L/AC:L/S:U/AV:N/UI:N/PR:L/I:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4481",
        "datePublished": "2019-08-20T18:25:26.966Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:10:37.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4308 (GCVE-0-2019-4308)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194308-info-disc (161034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4308",
        "datePublished": "2019-08-20T18:25:26.552Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:47.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }