Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    20 vulnerabilities found for Emptoris Spend Analysis by IBM

    CVE-2020-4897 (GCVE-0-2020-4897)

    Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-17 03:14
    VLAI
    Summary
    IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Contract Management Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2021-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6398276"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6398280"
              },
              {
                "name": "ibm-emptoris-cve20204897-info-disc (190988)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2021-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:N/A:N/AC:L/AV:N/UI:N/S:U/C:L/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-07T17:40:29.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6398276"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6398280"
            },
            {
              "name": "ibm-emptoris-cve20204897-info-disc (190988)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-06T00:00:00",
              "ID": "CVE-2020-4897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6398276",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
                  "url": "https://www.ibm.com/support/pages/node/6398276"
                },
                {
                  "name": "https://www.ibm.com/support/pages/node/6398280",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
                  "url": "https://www.ibm.com/support/pages/node/6398280"
                },
                {
                  "name": "ibm-emptoris-cve20204897-info-disc (190988)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4897",
        "datePublished": "2021-01-07T17:40:29.989Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:14:32.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4752 (GCVE-0-2019-4752)

    Vulnerability from cvelistv5 – Published: 2020-02-20 16:45 – Updated: 2024-09-16 18:54
    VLAI
    Summary
    IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Strategic Supply Management Affected: 10.1.0.34
    Affected: 10.1.1.33
    Affected: 10.1.3.29
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2020-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:49.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/2948919"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/2950269"
              },
              {
                "name": "ibm-emptoris-cve20194752-sql-injection (173348)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Strategic Supply Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0.34"
                },
                {
                  "status": "affected",
                  "version": "10.1.1.33"
                },
                {
                  "status": "affected",
                  "version": "10.1.3.29"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2020-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/S:U/AC:L/PR:L/C:H/A:L/UI:N/AV:N/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-20T16:45:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/2948919"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/2950269"
            },
            {
              "name": "ibm-emptoris-cve20194752-sql-injection (173348)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-02-19T00:00:00",
              "ID": "CVE-2019-4752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Strategic Supply Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0.34"
                              },
                              {
                                "version_value": "10.1.1.33"
                              },
                              {
                                "version_value": "10.1.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/2948919",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 2948919 (Emptoris Spend Analysis)",
                  "url": "https://www.ibm.com/support/pages/node/2948919"
                },
                {
                  "name": "https://www.ibm.com/support/pages/node/2950269",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 2950269 (Emptoris Strategic Supply Management)",
                  "url": "https://www.ibm.com/support/pages/node/2950269"
                },
                {
                  "name": "ibm-emptoris-cve20194752-sql-injection (173348)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4752",
        "datePublished": "2020-02-20T16:45:18.293Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:54:04.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4482 (GCVE-0-2019-4482)

    Vulnerability from cvelistv5 – Published: 2019-08-20 19:30 – Updated: 2024-09-16 19:24
    VLAI
    Summary
    IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
              },
              {
                "name": "ibm-emptoris-cve20194482-xss (164066)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/I:L/UI:R/PR:L/AC:L/C:L/AV:N/S:C/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T19:30:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
            },
            {
              "name": "ibm-emptoris-cve20194482-xss (164066)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880217",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880217 (Emptoris Spend Analysis)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
                },
                {
                  "name": "ibm-emptoris-cve20194482-xss (164066)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4482",
        "datePublished": "2019-08-20T19:30:25.671Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:24:08.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4485 (GCVE-0-2019-4485)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:47.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194485-info-disc (164069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4485",
        "datePublished": "2019-08-20T18:25:27.111Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:37.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4484 (GCVE-0-2019-4484)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194484-info-disc (164068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4484",
        "datePublished": "2019-08-20T18:25:27.063Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:06.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4483 (GCVE-0-2019-4483)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/I:H/PR:L/S:U/AV:N/AC:L/C:L/A:L/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4483",
        "datePublished": "2019-08-20T18:25:27.014Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:43.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4481 (GCVE-0-2019-4481)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:10
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/C:L/A:L/AC:L/S:U/AV:N/UI:N/PR:L/I:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4481",
        "datePublished": "2019-08-20T18:25:26.966Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:10:37.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4308 (GCVE-0-2019-4308)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194308-info-disc (161034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4308",
        "datePublished": "2019-08-20T18:25:26.552Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:47.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1445 (GCVE-0-2017-1445)

    Vulnerability from cvelistv5 – Published: 2017-08-30 21:00 – Updated: 2024-09-17 04:20
    VLAI
    Summary
    IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 9.5.0.0
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99541",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99541"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "99541",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99541"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-08-28T00:00:00",
              "ID": "CVE-2017-1445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5.0.0"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99541",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99541"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1445",
        "datePublished": "2017-08-30T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:20:49.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1446 (GCVE-0-2017-1446)

    Vulnerability from cvelistv5 – Published: 2017-08-30 21:00 – Updated: 2024-09-16 23:21
    VLAI
    Summary
    IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 9.5.0.0
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99541",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "99541",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-08-28T00:00:00",
              "ID": "CVE-2017-1446",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5.0.0"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99541",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99541"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1446",
        "datePublished": "2017-08-30T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:21:52.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4897 (GCVE-0-2020-4897)

    Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-17 03:14
    VLAI
    Summary
    IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Contract Management Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2021-01-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:59.118Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6398276"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6398280"
              },
              {
                "name": "ibm-emptoris-cve20204897-info-disc (190988)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2021-01-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:N/A:N/AC:L/AV:N/UI:N/S:U/C:L/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-07T17:40:29.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6398276"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6398280"
            },
            {
              "name": "ibm-emptoris-cve20204897-info-disc (190988)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2021-01-06T00:00:00",
              "ID": "CVE-2020-4897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6398276",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
                  "url": "https://www.ibm.com/support/pages/node/6398276"
                },
                {
                  "name": "https://www.ibm.com/support/pages/node/6398280",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
                  "url": "https://www.ibm.com/support/pages/node/6398280"
                },
                {
                  "name": "ibm-emptoris-cve20204897-info-disc (190988)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4897",
        "datePublished": "2021-01-07T17:40:29.989Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:14:32.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4752 (GCVE-0-2019-4752)

    Vulnerability from nvd – Published: 2020-02-20 16:45 – Updated: 2024-09-16 18:54
    VLAI
    Summary
    IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Strategic Supply Management Affected: 10.1.0.34
    Affected: 10.1.1.33
    Affected: 10.1.3.29
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.1
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2020-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:49.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/2948919"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/2950269"
              },
              {
                "name": "ibm-emptoris-cve20194752-sql-injection (173348)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Strategic Supply Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0.34"
                },
                {
                  "status": "affected",
                  "version": "10.1.1.33"
                },
                {
                  "status": "affected",
                  "version": "10.1.3.29"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2020-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/S:U/AC:L/PR:L/C:H/A:L/UI:N/AV:N/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-20T16:45:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/2948919"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/2950269"
            },
            {
              "name": "ibm-emptoris-cve20194752-sql-injection (173348)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-02-19T00:00:00",
              "ID": "CVE-2019-4752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Strategic Supply Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0.34"
                              },
                              {
                                "version_value": "10.1.1.33"
                              },
                              {
                                "version_value": "10.1.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "H",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/2948919",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 2948919 (Emptoris Spend Analysis)",
                  "url": "https://www.ibm.com/support/pages/node/2948919"
                },
                {
                  "name": "https://www.ibm.com/support/pages/node/2950269",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 2950269 (Emptoris Strategic Supply Management)",
                  "url": "https://www.ibm.com/support/pages/node/2950269"
                },
                {
                  "name": "ibm-emptoris-cve20194752-sql-injection (173348)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4752",
        "datePublished": "2020-02-20T16:45:18.293Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:54:04.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4482 (GCVE-0-2019-4482)

    Vulnerability from nvd – Published: 2019-08-20 19:30 – Updated: 2024-09-16 19:24
    VLAI
    Summary
    IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
              },
              {
                "name": "ibm-emptoris-cve20194482-xss (164066)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/I:L/UI:R/PR:L/AC:L/C:L/AV:N/S:C/RL:O/RC:C/E:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T19:30:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
            },
            {
              "name": "ibm-emptoris-cve20194482-xss (164066)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164066."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880217",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880217 (Emptoris Spend Analysis)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880217"
                },
                {
                  "name": "ibm-emptoris-cve20194482-xss (164066)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164066"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4482",
        "datePublished": "2019-08-20T19:30:25.671Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:24:08.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4483 (GCVE-0-2019-4483)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/I:H/PR:L/S:U/AV:N/AC:L/C:L/A:L/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194483-sql-injection (164067)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4483",
        "datePublished": "2019-08-20T18:25:27.014Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:43.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4485 (GCVE-0-2019-4485)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:40:47.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194485-info-disc (164069)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194485-info-disc (164069)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4485",
        "datePublished": "2019-08-20T18:25:27.111Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:50:37.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4484 (GCVE-0-2019-4484)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:27.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194484-info-disc (164068)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194484-info-disc (164068)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4484",
        "datePublished": "2019-08-20T18:25:27.063Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:06.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4481 (GCVE-0-2019-4481)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:10
    VLAI
    Summary
    IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
    CWE
    • Data Manipulation
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
              },
              {
                "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 6.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/C:L/A:L/AC:L/S:U/AV:N/UI:N/PR:L/I:H/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Data Manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
            },
            {
              "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "H",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Data Manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880223 (Contract Management)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
                },
                {
                  "name": "ibm-emptoris-cve20194481-sql-injection (164064)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4481",
        "datePublished": "2019-08-20T18:25:26.966Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:10:37.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4308 (GCVE-0-2019-4308)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
    VLAI
    Summary
    IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Sourcing Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Contract Management Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    IBM Emptoris Spend Analysis Affected: 10.1.0
    Affected: 10.1.3
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
              },
              {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Sourcing",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Contract Management",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            },
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.3"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
              "name": "ibm-emptoris-cve20194308-info-disc (161034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Sourcing",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Contract Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
                },
                {
                  "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4308",
        "datePublished": "2019-08-20T18:25:26.552Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:47.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1446 (GCVE-0-2017-1446)

    Vulnerability from nvd – Published: 2017-08-30 21:00 – Updated: 2024-09-16 23:21
    VLAI
    Summary
    IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 9.5.0.0
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99541",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "99541",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-08-28T00:00:00",
              "ID": "CVE-2017-1446",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5.0.0"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99541",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99541"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128171"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1446",
        "datePublished": "2017-08-30T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:21:52.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1445 (GCVE-0-2017-1445)

    Vulnerability from nvd – Published: 2017-08-30 21:00 – Updated: 2024-09-17 04:20
    VLAI
    Summary
    IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Emptoris Spend Analysis Affected: 9.5.0.0
    Affected: 10.0.0
    Affected: 10.0.1
    Affected: 10.0.2
    Affected: 10.0.4
    Affected: 10.1.0
    Affected: 10.1.1
    Create a notification for this product.
    Date Public
    2017-08-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:29.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99541",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99541"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Emptoris Spend Analysis",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.5.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.0"
                },
                {
                  "status": "affected",
                  "version": "10.0.1"
                },
                {
                  "status": "affected",
                  "version": "10.0.2"
                },
                {
                  "status": "affected",
                  "version": "10.0.4"
                },
                {
                  "status": "affected",
                  "version": "10.1.0"
                },
                {
                  "status": "affected",
                  "version": "10.1.1"
                }
              ]
            }
          ],
          "datePublic": "2017-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-31T09:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "99541",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99541"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-08-28T00:00:00",
              "ID": "CVE-2017-1445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Emptoris Spend Analysis",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "9.5.0.0"
                              },
                              {
                                "version_value": "10.0.0"
                              },
                              {
                                "version_value": "10.0.1"
                              },
                              {
                                "version_value": "10.0.2"
                              },
                              {
                                "version_value": "10.0.4"
                              },
                              {
                                "version_value": "10.1.0"
                              },
                              {
                                "version_value": "10.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99541",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99541"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22005787"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1445",
        "datePublished": "2017-08-30T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:20:49.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }