168 matches found
Information disclosure
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...
Information disclosure
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...
Information disclosure
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...
Sql injection
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...
Sql injection
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...
CVE-2019-4485
The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis
CVE-2019-4484
IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...
CVE-2019-4483
Affected products: IBM Contract Management and IBM Emptoris Spend Analysis, versions 10.1.0–10.1.3. The issue is an SQL injection that allows a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. Root cause: improper handling ...
CVE-2019-4484
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...
CVE-2019-4485
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...
CVE-2019-4308
IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...
CVE-2019-4481
CVE-2019-4481 affects IBM Contract Management 10.1.0–10.1.3 and IBM Emptoris Spend Analysis 10.1.0–10.1.3, per multiple sources. The vulnerability is a SQL injection in which a remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end databas...
CVE-2019-4481
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...
CVE-2019-4308
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...
PT-2019-17029 · Ibm · Ibm Emptoris Spend Analysis +2
Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows an authenticated user to obtain sensitive...
PT-2019-17105 · Ibm · Ibm Emptoris Spend Analysis +2
Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue generates an error message that includes sensitive...
PT-2019-17101 · Ibm · Ibm Emptoris Spend Analysis +1
Name of the Vulnerable Software and Affected Versions: IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows a remote attacker to send specially-crafted SQL statements, which could enable the attacker to vie...
PT-2019-17103 · Ibm · Ibm Emptoris Spend Analysis +1
Name of the Vulnerable Software and Affected Versions: IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows a remote attacker to send specially-crafted SQL statements, potentially enabling the attacker to...
PT-2019-17104 · Ibm · Ibm Emptoris Spend Analysis +2
Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue generates an error message that includes sensitive...
PT-2019-17102 · Ibm · Ibm Emptoris Spend Analysis
Name of the Vulnerable Software and Affected Versions: IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...