Search criteria
48 vulnerabilities found for emptoris_contract_management by ibm
FKIE_CVE-2020-4897
Vulnerability from fkie_nvd - Published: 2021-01-07 18:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190988 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6398276 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6398280 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190988 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6398276 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6398280 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_spend_analysis | * | |
| ibm | emptoris_spend_analysis | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F05978-ED9E-4BA7-9CE9-CF9231D30084",
"versionEndExcluding": "10.1.0.38",
"versionStartIncluding": "10.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAAA84C-E27E-464A-BEAC-21EBD34EE0BC",
"versionEndExcluding": "10.1.1.35",
"versionStartIncluding": "10.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B18C2795-F243-4281-A780-56B90030B7C0",
"versionEndExcluding": "10.1.3.30",
"versionStartIncluding": "10.1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0202D-E692-4197-AE3B-4E8502918EAC",
"versionEndExcluding": "10.1.0.38",
"versionStartIncluding": "10.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7D5C9E-AD68-4909-96CF-96466E8E53D9",
"versionEndExcluding": "10.1.1.35",
"versionStartIncluding": "10.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20BD8B7D-473E-4773-BCA8-81711DF5A8FA",
"versionEndExcluding": "10.1.3.30",
"versionStartIncluding": "10.1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
},
{
"lang": "es",
"value": "IBM Emptoris Contract Management e IBM Emptoris Spend Analysis versiones 10.1.0, 10.1.1 y 10.1.3, podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando un mensaje de error t\u00e9cnico detallado es devuelto en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda usarse en nuevos ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 190988"
}
],
"id": "CVE-2020-4897",
"lastModified": "2024-11-21T05:33:23.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-07T18:15:13.700",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398280"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4892
Vulnerability from fkie_nvd - Published: 2021-01-07 18:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190979 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6398274 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190979 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6398274 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B18C2795-F243-4281-A780-56B90030B7C0",
"versionEndExcluding": "10.1.3.30",
"versionStartIncluding": "10.1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
},
{
"lang": "es",
"value": "IBM Emptoris Contract Management versi\u00f3n 10.1.3, es vulnerable a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista que puede conllevar a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 190979"
}
],
"id": "CVE-2020-4892",
"lastModified": "2024-11-21T05:33:22.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-07T18:15:13.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6398274"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4484
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164068 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164068 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda utilizarse en otros ataques contra el Sistema. ID de IBM X-Force: 164068."
}
],
"id": "CVE-2019-4484",
"lastModified": "2024-11-21T04:43:39.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:17.103",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4485
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164069 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164069 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda utilizarse en otros ataques contra el Sistema. ID de IBM X-Force: 164069."
}
],
"id": "CVE-2019-4485",
"lastModified": "2024-11-21T04:43:39.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:17.183",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4483
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164067 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880223 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164067 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880223 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
},
{
"lang": "es",
"value": "IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 es vulnerable a la inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente dise\u00f1adas, lo que podr\u00eda permitir al atacante ver, agregar, modificar o eliminar informaci\u00f3n en la base de datos back-end. ID de IBM X-Force: 164067."
}
],
"id": "CVE-2019-4483",
"lastModified": "2024-11-21T04:43:39.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:17.043",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4481
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164064 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880223 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164064 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880223 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
},
{
"lang": "es",
"value": "IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 es vulnerable a la inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente dise\u00f1adas, lo que podr\u00eda permitir al atacante ver, agregar, modificar o eliminar informaci\u00f3n en la base de datos back-end. ID de IBM X-Forc"
}
],
"id": "CVE-2019-4481",
"lastModified": "2024-11-21T04:43:39.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:16.947",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-4308
Vulnerability from fkie_nvd - Published: 2019-08-20 19:15 - Updated: 2024-11-21 04:43
Severity ?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/161034 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/161034 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880221 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * | |
| ibm | emptoris_sourcing | * | |
| ibm | emptoris_spend_analysis | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783",
"versionEndIncluding": "10.1.3",
"versionStartIncluding": "10.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
},
{
"lang": "es",
"value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 podr\u00eda permitir a un usuario autenticado obtener informaci\u00f3n confidencial de los mensajes de error IBM X-Force ID: 161034."
}
],
"id": "CVE-2019-4308",
"lastModified": "2024-11-21T04:43:27.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T19:15:11.807",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1961
Vulnerability from fkie_nvd - Published: 2019-04-29 17:29 - Updated: 2024-11-21 04:00
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/153657 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10731107 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/153657 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10731107 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | emptoris_contract_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EC45F7A-EEBE-4898-A71C-59472B7715FF",
"versionEndIncluding": "10.1.3.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657."
},
{
"lang": "es",
"value": "IBM Emptoris Contract Management en las versiones 10.0.0 y 10.1.3.0, podr\u00edan revelar informaci\u00f3n sensible a partir de informaci\u00f3n detallada de mensajes de error. IBM X-Force ID: 153657."
}
],
"id": "CVE-2018-1961",
"lastModified": "2024-11-21T04:00:39.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-29T17:29:00.230",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6018
Vulnerability from fkie_nvd - Published: 2017-07-19 20:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005664 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99624 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/116738 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005664 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99624 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/116738 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68E60709-D987-40D5-A71C-B2EF04D51081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE59830-76AB-4458-8DBD-470DA0719B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "75785255-04E0-4A00-A6CE-FFEECEDEEF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "68916D40-3CF4-4614-BDD1-31681F739598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB5F69-ABC1-4559-BBC0-BD6286A01CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4E61E896-E6BE-4F07-9757-D4F48B5D2592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D4C866-1F2B-4AA7-AC8F-CC8FB949FEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D032B679-BF6B-4782-8428-8C35585E6AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "69B99D83-E756-43F0-98BE-37E0BE105C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "875E1BE3-EB63-481E-A50F-E8D8BAE4EF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E08851-82B3-42BF-AD4B-DE7DF1F8A942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "86162399-4087-432D-A198-993C9533349E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AA294C3A-7271-410B-9A17-5BACA73168AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B122A0E9-B5BA-4518-90E8-1ACC45621D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "386B9AB2-B463-4A41-9CA4-1EB6F8572FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE3D5E12-64D5-4CA0-BB39-CA55F6327E8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738."
},
{
"lang": "es",
"value": "IBM Emptoris Contract Management versiones 10.0 y 10.1, revela mensajes de error detallados en ciertas caracter\u00edsticas que podr\u00edan causar que un atacante conseguir informaci\u00f3n adicional para conducir nuevos ataques. ID de IBM X-Force: 116738."
}
],
"id": "CVE-2016-6018",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-19T20:29:00.180",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99624"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7398
Vulnerability from fkie_nvd - Published: 2016-02-15 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68E60709-D987-40D5-A71C-B2EF04D51081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D71EC5A-C9EE-4A2B-AA1E-E6987736ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE59830-76AB-4458-8DBD-470DA0719B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "75785255-04E0-4A00-A6CE-FFEECEDEEF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "68916D40-3CF4-4614-BDD1-31681F739598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "386B9AB2-B463-4A41-9CA4-1EB6F8572FFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Emptoris Contract Management 9.5.0.x en versiones anteriores a 9.5.0.6 iFix15, 10.0.0.x y 10.0.1.x en versiones anteriores a 10.0.1.5 iFix5, 10.0.2.x en versiones anteriores a 10.0.2.7 iFix4 y 10.0.4.x en versiones anteriores a 10.0.4.0 iFix3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-7398",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-15T02:59:09.497",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5050
Vulnerability from fkie_nvd - Published: 2016-02-15 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68E60709-D987-40D5-A71C-B2EF04D51081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D71EC5A-C9EE-4A2B-AA1E-E6987736ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE59830-76AB-4458-8DBD-470DA0719B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "75785255-04E0-4A00-A6CE-FFEECEDEEF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "68916D40-3CF4-4614-BDD1-31681F739598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "386B9AB2-B463-4A41-9CA4-1EB6F8572FFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM Emptoris Contract Management 9.5.0.x en versiones anteriores a 9.5.0.6 iFix15, 10.0.0.x y 10.0.1.x en versiones anteriores a 10.0.1.5 iFix5, 10.0.2.x en versiones anteriores a 10.0.2.7 iFix4 y 10.0.4.x en versiones anteriores a 10.0.4.0 iFix3 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios en peticiones que insertan secuencias XSS."
}
],
"id": "CVE-2015-5050",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-15T02:59:08.530",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-5042
Vulnerability from fkie_nvd - Published: 2016-02-15 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F3C251-C3BA-4304-9878-102F3F2FFFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82DA8E24-DDBC-48E0-A2A3-57E06CDCF85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70478E47-1C52-45E6-92A9-698CA5C25C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4B85D7E5-9D5B-4B77-A032-3BF92C2EF735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A85A9BD0-6E1F-4758-AEF3-E10CC4F9FDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "479D5852-9127-4AB3-82BB-37A552C14781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "991D88E6-740E-4F75-B616-5179B015A9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BD708C-D51D-4990-8262-52DB13B7EDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "629E78F5-0CEE-4CC2-8C4B-949D15531905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "808FE7AE-3D37-4646-AE54-6D430122DBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "892A2283-35E9-4E61-A6D0-B3AF6FE16869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDC9134-E550-495D-92E7-81CF72A2CC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5470C2-DEB2-4DB9-9637-908FD1A0AE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6398295F-71CC-41F7-8258-624BC208EF89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D089951B-A834-4B94-9979-F9466AA0A106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6827F5B1-0114-472F-9991-14F8B49D8B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BAC0A1-FAE0-49F1-AE13-7022122A8E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB8BBCB-22B3-4C96-9DF9-66163EFBA40D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68E60709-D987-40D5-A71C-B2EF04D51081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D71EC5A-C9EE-4A2B-AA1E-E6987736ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE59830-76AB-4458-8DBD-470DA0719B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "75785255-04E0-4A00-A6CE-FFEECEDEEF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "68916D40-3CF4-4614-BDD1-31681F739598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:10.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "386B9AB2-B463-4A41-9CA4-1EB6F8572FFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file."
},
{
"lang": "es",
"value": "IBM Emptoris Contract Management 9.5.0.x en versiones anteriores a 9.5.0.6 iFix15, 10.0.0.x y 10.0.1.x en versiones anteriores a 10.0.1.5 iFix5, 10.0.2.x en versiones anteriores a 10.0.2.7 iFix4 y 10.0.4.x en versiones anteriores a 10.0.4.0 iFix3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la inclusi\u00f3n de un archivo Flash manipulado."
}
],
"id": "CVE-2015-5042",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-15T02:59:07.560",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-4897 (GCVE-0-2020-4897)
Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-17 03:14
VLAI?
Summary
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.1.0
Affected: 10.1.1 Affected: 10.1.3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2021-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/PR:N/A:N/AC:L/AV:N/UI:N/S:U/C:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:40:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ID": "CVE-2020-4897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398276",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"name": "https://www.ibm.com/support/pages/node/6398280",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4897",
"datePublished": "2021-01-07T17:40:29.989612Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:14:32.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4892 (GCVE-0-2020-4892)
Vulnerability from cvelistv5 – Published: 2021-01-07 17:40 – Updated: 2024-09-16 18:54
VLAI?
Summary
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.1.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2021-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/A:N/PR:L/C:L/S:C/UI:R/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:40:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ID": "CVE-2020-4892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398274",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398274 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4892",
"datePublished": "2021-01-07T17:40:27.447452Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:54:37.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4485 (GCVE-0-2019-4485)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4485",
"datePublished": "2019-08-20T18:25:27.111414Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:50:37.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4484 (GCVE-0-2019-4484)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4484",
"datePublished": "2019-08-20T18:25:27.063733Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:06.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4483 (GCVE-0-2019-4483)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:51
VLAI?
Summary
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
Severity ?
CWE
- Data Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194483-sql-injection (164067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/I:H/PR:L/S:U/AV:N/AC:L/C:L/A:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194483-sql-injection (164067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880223 (Contract Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194483-sql-injection (164067)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4483",
"datePublished": "2019-08-20T18:25:27.014567Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:51:43.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4481 (GCVE-0-2019-4481)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:10
VLAI?
Summary
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
Severity ?
CWE
- Data Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Spend Analysis |
Affected:
10.1.0
Affected: 10.1.3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194481-sql-injection (164064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/A:L/AC:L/S:U/AV:N/UI:N/PR:L/I:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194481-sql-injection (164064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880223 (Contract Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194481-sql-injection (164064)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4481",
"datePublished": "2019-08-20T18:25:26.966240Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:10:37.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4308 (GCVE-0-2019-4308)
Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4308",
"datePublished": "2019-08-20T18:25:26.552896Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:40:47.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1961 (GCVE-0-2018-1961)
Vulnerability from cvelistv5 – Published: 2019-04-29 16:35 – Updated: 2024-09-16 21:08
VLAI?
Summary
IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.0.0
Affected: 10.1.3 Affected: 10.1.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"name": "ibm-emptoris-cve20181961-info-disc (153657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.3"
},
{
"status": "affected",
"version": "10.1.3.0"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/AC:L/UI:N/PR:N/A:N/C:L/S:U/AV:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T16:35:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"name": "ibm-emptoris-cve20181961-info-disc (153657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-13T00:00:00",
"ID": "CVE-2018-1961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.0.0"
},
{
"version_value": "10.1.3"
},
{
"version_value": "10.1.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731107",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 731107 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"name": "ibm-emptoris-cve20181961-info-disc (153657)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1961",
"datePublished": "2019-04-29T16:35:17.556246Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T21:08:09.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6018 (GCVE-0-2016-6018)
Vulnerability from cvelistv5 – Published: 2017-07-19 20:00 – Updated: 2024-09-16 18:45
VLAI?
Summary
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.0.0.0
Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"name": "99624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.0"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-20T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"name": "99624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2016-6018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005664",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"name": "99624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6018",
"datePublished": "2017-07-19T20:00:00Z",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-09-16T18:45:13.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4897 (GCVE-0-2020-4897)
Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-17 03:14
VLAI?
Summary
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.1.0
Affected: 10.1.1 Affected: 10.1.3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2021-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/PR:N/A:N/AC:L/AV:N/UI:N/S:U/C:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:40:29",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ID": "CVE-2020-4897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398276",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398276 (Emptoris Spend Analysis)",
"url": "https://www.ibm.com/support/pages/node/6398276"
},
{
"name": "https://www.ibm.com/support/pages/node/6398280",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398280 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/pages/node/6398280"
},
{
"name": "ibm-emptoris-cve20204897-info-disc (190988)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4897",
"datePublished": "2021-01-07T17:40:29.989612Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:14:32.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4892 (GCVE-0-2020-4892)
Vulnerability from nvd – Published: 2021-01-07 17:40 – Updated: 2024-09-16 18:54
VLAI?
Summary
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.1.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2021-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/A:N/PR:L/C:L/S:C/UI:R/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-07T17:40:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-01-06T00:00:00",
"ID": "CVE-2020-4892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6398274",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6398274 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/pages/node/6398274"
},
{
"name": "ibm-emptoris-cve20204892-xss (190979)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4892",
"datePublished": "2021-01-07T17:40:27.447452Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:54:37.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4485 (GCVE-0-2019-4485)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:50
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194485-info-disc (164069)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4485",
"datePublished": "2019-08-20T18:25:27.111414Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:50:37.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4484 (GCVE-0-2019-4484)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:01
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/PR:L/UI:N/AV:N/S:U/AC:L/A:N/C:L/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194484-info-disc (164068)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4484",
"datePublished": "2019-08-20T18:25:27.063733Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:01:06.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4483 (GCVE-0-2019-4483)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 01:51
VLAI?
Summary
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.
Severity ?
CWE
- Data Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Contract Management |
Affected:
10.1.0
Affected: 10.1.3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194483-sql-injection (164067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/I:H/PR:L/S:U/AV:N/AC:L/C:L/A:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:27",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194483-sql-injection (164067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880223 (Contract Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194483-sql-injection (164067)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4483",
"datePublished": "2019-08-20T18:25:27.014567Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:51:43.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4481 (GCVE-0-2019-4481)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 02:10
VLAI?
Summary
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064.
Severity ?
CWE
- Data Manipulation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Spend Analysis |
Affected:
10.1.0
Affected: 10.1.3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194481-sql-injection (164064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/A:L/AC:L/S:U/AV:N/UI:N/PR:L/I:H/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194481-sql-injection (164064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164064."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880223",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880223 (Contract Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880223"
},
{
"name": "ibm-emptoris-cve20194481-sql-injection (164064)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164064"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4481",
"datePublished": "2019-08-20T18:25:26.966240Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:10:37.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4308 (GCVE-0-2019-4308)
Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:40
VLAI?
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| IBM | Emptoris Sourcing |
Affected:
10.1.0
Affected: 10.1.3 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Sourcing",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
},
{
"product": "Emptoris Spend Analysis",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.1.3"
}
]
}
],
"datePublic": "2019-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-20T18:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-08-13T00:00:00",
"ID": "CVE-2019-4308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Contract Management",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
},
{
"product_name": "Emptoris Spend Analysis",
"version": {
"version_data": [
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
},
{
"name": "ibm-emptoris-cve20194308-info-disc (161034)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4308",
"datePublished": "2019-08-20T18:25:26.552896Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:40:47.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1961 (GCVE-0-2018-1961)
Vulnerability from nvd – Published: 2019-04-29 16:35 – Updated: 2024-09-16 21:08
VLAI?
Summary
IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.0.0
Affected: 10.1.3 Affected: 10.1.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"name": "ibm-emptoris-cve20181961-info-disc (153657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.3"
},
{
"status": "affected",
"version": "10.1.3.0"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/AC:L/UI:N/PR:N/A:N/C:L/S:U/AV:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T16:35:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"name": "ibm-emptoris-cve20181961-info-disc (153657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-13T00:00:00",
"ID": "CVE-2018-1961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.0.0"
},
{
"version_value": "10.1.3"
},
{
"version_value": "10.1.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731107",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 731107 (Emptoris Contract Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731107"
},
{
"name": "ibm-emptoris-cve20181961-info-disc (153657)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153657"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1961",
"datePublished": "2019-04-29T16:35:17.556246Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T21:08:09.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6018 (GCVE-0-2016-6018)
Vulnerability from nvd – Published: 2017-07-19 20:00 – Updated: 2024-09-16 18:45
VLAI?
Summary
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Emptoris Contract Management |
Affected:
10.0.0.0
Affected: 10.0.1.0 Affected: 10.0.2.0 Affected: 10.0.4.0 Affected: 10.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"name": "99624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Emptoris Contract Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.0.0.0"
},
{
"status": "affected",
"version": "10.0.1.0"
},
{
"status": "affected",
"version": "10.0.2.0"
},
{
"status": "affected",
"version": "10.0.4.0"
},
{
"status": "affected",
"version": "10.1.0"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-20T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"name": "99624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-17T00:00:00",
"ID": "CVE-2016-6018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Contract Management",
"version": {
"version_data": [
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116738"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005664",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005664"
},
{
"name": "99624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6018",
"datePublished": "2017-07-19T20:00:00Z",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-09-16T18:45:13.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}