Lucene search

K

Contract Management Security Vulnerabilities

cve
cve

CVE-2022-41273

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP...

6.1CVSS

6.2AI Score

0.001EPSS

2022-12-13 04:15 AM
28
cve
cve

CVE-2022-35198

Contract Management System v2.0 contains a weak default password which gives attackers to access database connection...

7.5CVSS

7.5AI Score

0.002EPSS

2022-08-18 06:15 AM
24
5
cve
cve

CVE-2020-4892

IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS

5.2AI Score

0.001EPSS

2021-01-07 06:15 PM
21
cve
cve

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5.3CVSS

4.8AI Score

0.001EPSS

2021-01-07 06:15 PM
27
cve
cve

CVE-2019-20153

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration.....

4.9CVSS

5.1AI Score

0.003EPSS

2020-01-05 11:15 PM
53
cve
cve

CVE-2019-20155

An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying...

8.8CVSS

8.8AI Score

0.001EPSS

2020-01-05 11:15 PM
57
cve
cve

CVE-2019-20154

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or...

6.1CVSS

5.9AI Score

0.001EPSS

2020-01-05 11:15 PM
48
cve
cve

CVE-2019-4485

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID:...

4.3CVSS

4.3AI Score

0.001EPSS

2019-08-20 07:15 PM
20
cve
cve

CVE-2019-4484

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID:...

4.3CVSS

4.3AI Score

0.001EPSS

2019-08-20 07:15 PM
23
cve
cve

CVE-2019-4483

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM....

9.8CVSS

9.1AI Score

0.001EPSS

2019-08-20 07:15 PM
22
cve
cve

CVE-2019-4481

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM....

9.8CVSS

9.1AI Score

0.001EPSS

2019-08-20 07:15 PM
21
cve
cve

CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID:...

4.3CVSS

4.1AI Score

0.001EPSS

2019-08-20 07:15 PM
28
cve
cve

CVE-2018-1961

IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID:...

5.3CVSS

4.9AI Score

0.001EPSS

2019-04-29 05:29 PM
20
cve
cve

CVE-2017-14841

Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image...

6.5CVSS

6.4AI Score

0.004EPSS

2017-09-28 01:29 AM
23
cve
cve

CVE-2016-6018

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID:...

4.3CVSS

5.4AI Score

0.001EPSS

2017-07-19 08:29 PM
18
cve
cve

CVE-2016-0635

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master....

8.8CVSS

7.9AI Score

0.003EPSS

2016-07-21 10:12 AM
37
4
cve
cve

CVE-2015-7398

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a....

5.4CVSS

5.5AI Score

0.001EPSS

2016-02-15 02:59 AM
17
cve
cve

CVE-2015-5050

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of...

8.8CVSS

8.6AI Score

0.001EPSS

2016-02-15 02:59 AM
19
cve
cve

CVE-2015-5042

IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash...

7.5CVSS

8.2AI Score

0.002EPSS

2016-02-15 02:59 AM
17
cve
cve

CVE-2014-6212

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and...

6.3AI Score

0.001EPSS

2015-01-10 02:59 AM
20
cve
cve

CVE-2014-3041

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified...

9.2AI Score

0.001EPSS

2014-08-26 02:55 PM
25
cve
cve

CVE-2014-3034

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

6.8AI Score

0.001EPSS

2014-08-26 02:55 PM
23
cve
cve

CVE-2014-3040

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x...

9AI Score

0.001EPSS

2014-08-26 10:55 AM
17