8 matches found
IBM Emptoris Spend Analysis Information Disclosure Vulnerability
IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. An information disclosure vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3, which arises from...
CVE-2019-4482
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2019-4483
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...
Information disclosure
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...
PT-2019-17105 · Ibm · Ibm Emptoris Spend Analysis +2
Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue generates an error message that includes sensitive...
PT-2019-17029 · Ibm · Ibm Emptoris Spend Analysis +2
Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows an authenticated user to obtain sensitive...
PT-2019-17051 · Ibm +2 · Ibm Spectrum Protect Plus +2
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Plus versions 10.1.0 through 10.1.3 Description: The issue concerns an escalation of user privileges that may occur during a redirected restore operation when protecting Oracle or MongoDB databases. Recommendations: For...
PT-2019-17045 · Ibm +2 · Ibm Spectrum Protect Plus +3
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Plus versions 10.1.0 through 10.1.3 Description: The issue allows execution of arbitrary code on the system when performing a redirected restore operation that specifies a target path, particularly when protecting Oracle,...