CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties.IBM Emptoris Spend Analysis is a web-based information and management tool that supports organizations in consolidating spend data from dispersed and disparate...

5.3CVSS6AI score0.00256EPSS

Exploits0References1

OSV•added 2021/01/07 6:15 p.m.•1 views

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...

5.3CVSS6.1AI score0.00256EPSS

Exploits0References3

NVD•added 2021/01/07 6:15 p.m.•8 views

CVE-2020-4897

5.3CVSS4.9AI score0.00256EPSS

Exploits0References3

Prion•added 2021/01/07 6:15 p.m.•8 views

Information disclosure

5CVSS4.8AI score0.00256EPSS

Exploits0References3Affected Software2

CVE•added 2021/01/07 5:40 p.m.•44 views

CVE-2020-4897

CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...

5.3CVSS4.8AI score0.00256EPSS

Exploits0References3Affected Software1

Cvelist•added 2021/01/07 5:40 p.m.•14 views

CVE-2020-4897

5.3CVSS4.9AI score0.00256EPSS

Exploits0References3

CNNVD•added 2021/01/07 12:0 a.m.•1 views

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 安全漏洞

5.3CVSS6.1AI score0.00256EPSS

Exploits0References4

IBM Security Bulletins•added 2021/01/06 7:30 a.m.•12 views

Security Bulletin: Information Disclosure Vulnerability Affects IBM Emptoris Spend Analysis (CVE-2020-4897)

Summary Verbose application errors information disclosure affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-4897 DESCRIPTION: IBM Emptoris could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Thi...

5.3CVSS5.3AI score0.00256EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2020/12/03 9:54 a.m.•38 views

Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)

Summary jQuery security vulnerabilities affect IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...

6.9CVSS7.2AI score0.3466EPSS

Exploits11Affected Software1

OSV•added 2020/02/20 5:15 p.m.•1 views

CVE-2019-4752

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-e...

8.8CVSS7.2AI score0.00587EPSS

Exploits0References3

Prion•added 2020/02/20 5:15 p.m.•13 views

Sql injection

6.5CVSS8.5AI score0.00587EPSS

Exploits0References3Affected Software2

CVE•added 2020/02/20 4:45 p.m.•54 views

CVE-2019-4752

The CVE-2019-4752 issue affects IBM Emptoris Strategic Supply Management Platform (and Emptoris Spend Analysis) versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The vulnerability is SQL injection allowing a remote attacker to cause unauthorized view/modify/delete of back-end data. IBM’s security bullet...

8.8CVSS8.7AI score0.00587EPSS

Exploits0References3Affected Software2

CNVD•added 2020/02/20 12:0 a.m.•1 views

IBM Emptoris Spend Analysis SQL Injection Vulnerability (CNVD-2020-13057)

IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. A SQL injection vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.3.x, 10.1.1.x, and 10.1.0.x. The vulnerabilit...

8.8CVSS7.6AI score0.00587EPSS

Exploits0References1

IBM Security Bulletins•added 2020/02/19 6:28 a.m.•21 views

Security Bulletin: SQL Injection Affects IBM Emptoris Spend Analysis (CVE-2019-4752)

Summary SQL Injection affects IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2019-4752 DESCRIPTION: IBM Emptoris Strategic Supply Management Platform is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to vie...

8.8CVSS9.1AI score0.00587EPSS

Exploits0Affected Software1

CNVD•added 2019/08/21 12:0 a.m.•1 views

IBM Emptoris Spend Analysis SQL Injection Vulnerability

9.8CVSS7.7AI score0.00452EPSS

Exploits0References1

CNVD•added 2019/08/21 12:0 a.m.•1 views

IBM Emptoris Spend Analysis Information Disclosure Vulnerability

IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. An information disclosure vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3, which arises from...

4.3CVSS6.1AI score0.00156EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by