CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-14090

Malware in sbrugna...

9.8CVSS7.9AI score0.00452EPSS

OSV•added 2021/01/07 6:15 p.m.•2 views

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5.3CVSS6.1AI score0.00256EPSS

IBM Security Bulletins•added 2021/01/06 7:30 a.m.•12 views

Security Bulletin: Information Disclosure Vulnerability Affects IBM Emptoris Spend Analysis (CVE-2020-4897)

Summary Verbose application errors information disclosure affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-4897 DESCRIPTION: IBM Emptoris could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Thi...

5.3CVSS5.3AI score0.00256EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2020/12/03 9:54 a.m.•38 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

6.9CVSS7.2AI score0.3466EPSS

Exploits11Affected Software1

OSV•added 2020/02/20 5:15 p.m.•2 views

CVE-2019-4752

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

8.8CVSS7.2AI score0.00587EPSS

CNVD•added 2020/02/20 12:0 a.m.•1 views

IBM Emptoris Spend Analysis SQL Injection Vulnerability (CNVD-2020-13057)

IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. A SQL injection vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.3.x, 10.1.1.x, and 10.1.0.x. The vulnerabilit...

8.8CVSS7.6AI score0.00587EPSS

IBM Security Bulletins•added 2020/02/19 6:28 a.m.•21 views

Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis (CVE-2019-4752)

Summary SQL Injection affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2019-4752 DESCRIPTION: IBM Emptoris Strategic Supply Management Platform is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to vie...

8.8CVSS9.1AI score0.00587EPSS

Exploits0Affected Software1

CNVD•added 2019/08/21 12:0 a.m.•1 views

IBM Emptoris Spend Analysis SQL Injection Vulnerability

9.8CVSS7.7AI score0.00452EPSS

CNVD•added 2019/08/21 12:0 a.m.•1 views

IBM Emptoris Spend Analysis Information Disclosure Vulnerability

IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. An information disclosure vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3, which arises from...

4.3CVSS6.1AI score0.00156EPSS

CNVD•added 2019/08/21 12:0 a.m.•1 views

IBM Emptoris Spend Analysis Cross-Site Scripting Vulnerability (CNVD-2019-31127)

IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. A cross-site scripting vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3, which can be exploit...

5.4CVSS6.4AI score0.00158EPSS

NVD•added 2019/08/20 8:15 p.m.•10 views

CVE-2019-4482

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

5.4CVSS5.2AI score0.00158EPSS

Prion•added 2019/08/20 8:15 p.m.•10 views

Cross site scripting

3.5CVSS5.2AI score0.00158EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/08/20 7:30 p.m.•10 views

CVE-2019-4482

5.4CVSS5.2AI score0.00158EPSS

OSV•added 2019/08/20 7:15 p.m.•1 views

CVE-2019-4483

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...

9.8CVSS7.2AI score

OSV•added 2019/08/20 7:15 p.m.•2 views

CVE-2019-4485

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...

4.3CVSS5.8AI score0.00156EPSS

NVD•added 2019/08/20 7:15 p.m.•9 views

CVE-2019-4483

9.8CVSS8.2AI score0.00452EPSS

OSV•added 2019/08/20 7:15 p.m.•2 views

CVE-2019-4481

9.8CVSS5.9AI score0.00452EPSS

NVD•added 2019/08/20 7:15 p.m.•9 views

CVE-2019-4481

9.8CVSS8.2AI score0.00452EPSS

OSV•added 2019/08/20 7:15 p.m.•2 views

CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...

4.3CVSS5.8AI score