Lucene search

[email protected]CVE-2020-4897

HistoryJan 07, 2021 - 6:15 p.m.

CVE-2020-4897

2021-01-0718:15:13

CWE-209

[email protected]

web.nvd.nist.gov

ibm

emptoris

contract management

spend analysis

remote attack

sensitive information

security vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.6%

JSON

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.

Affected configurations

Vulners

NVD

Node

ibmemptoris_contract_managementMatch10.1.0

ibmemptoris_contract_managementMatch10.1.1

ibmemptoris_contract_managementMatch10.1.3

ibmemptoris_spend_analysisMatch10.1.0

ibmemptoris_spend_analysisMatch10.1.1

ibmemptoris_spend_analysisMatch10.1.3

VendorProductVersionCPE
ibmemptoris_contract_management10.1.0cpe:2.3:a:ibm:emptoris_contract_management:10.1.0:*:*:*:*:*:*:*
ibmemptoris_contract_management10.1.1cpe:2.3:a:ibm:emptoris_contract_management:10.1.1:*:*:*:*:*:*:*
ibmemptoris_contract_management10.1.3cpe:2.3:a:ibm:emptoris_contract_management:10.1.3:*:*:*:*:*:*:*
ibmemptoris_spend_analysis10.1.0cpe:2.3:a:ibm:emptoris_spend_analysis:10.1.0:*:*:*:*:*:*:*
ibmemptoris_spend_analysis10.1.1cpe:2.3:a:ibm:emptoris_spend_analysis:10.1.1:*:*:*:*:*:*:*
ibmemptoris_spend_analysis10.1.3cpe:2.3:a:ibm:emptoris_spend_analysis:10.1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	emptoris_contract_management	10.1.0	cpe:2.3:a:ibm:emptoris_contract_management:10.1.0:::::::*
ibm	emptoris_contract_management	10.1.1	cpe:2.3:a:ibm:emptoris_contract_management:10.1.1:::::::*
ibm	emptoris_contract_management	10.1.3	cpe:2.3:a:ibm:emptoris_contract_management:10.1.3:::::::*
ibm	emptoris_spend_analysis	10.1.0	cpe:2.3:a:ibm:emptoris_spend_analysis:10.1.0:::::::*
ibm	emptoris_spend_analysis	10.1.1	cpe:2.3:a:ibm:emptoris_spend_analysis:10.1.1:::::::*
ibm	emptoris_spend_analysis	10.1.3	cpe:2.3:a:ibm:emptoris_spend_analysis:10.1.3:::::::*

CNA Affected

[
  {
    "product": "Emptoris Contract Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      },
      {
        "status": "affected",
        "version": "10.1.3"
      }
    ]
  },
  {
    "product": "Emptoris Spend Analysis",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      },
      {
        "status": "affected",
        "version": "10.1.3"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/190988

www.ibm.com/support/pages/node/6398276

www.ibm.com/support/pages/node/6398280

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.6%

JSON

Related for CVE-2020-4897

ibm2 cvelist1 prion1 nvd1