Lucene search
+L

168 matches found

Prion
Prion
added 2019/08/20 7:15 p.m.23 views

Information disclosure

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...

4CVSS4.2AI score0.00994EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2019/08/20 7:15 p.m.13 views

Information disclosure

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...

4CVSS4AI score0.00994EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2019/08/20 7:15 p.m.21 views

Information disclosure

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...

4CVSS4.2AI score0.00994EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2019/08/20 7:15 p.m.26 views

Sql injection

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...

7.5CVSS9.1AI score0.01959EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2019/08/20 7:15 p.m.21 views

Sql injection

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...

7.5CVSS9.1AI score0.01959EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2019/08/20 6:25 p.m.43 views

CVE-2019-4485

The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis

4.3CVSS4.3AI score0.00994EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4484

IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...

4.3CVSS4.3AI score0.00994EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2019/08/20 6:25 p.m.47 views

CVE-2019-4483

Affected products: IBM Contract Management and IBM Emptoris Spend Analysis, versions 10.1.0–10.1.3. The issue is an SQL injection that allows a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. Root cause: improper handling ...

9.8CVSS9.1AI score0.01959EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/08/20 6:25 p.m.22 views

CVE-2019-4484

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...

4.3CVSS4.3AI score0.00994EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/08/20 6:25 p.m.20 views

CVE-2019-4485

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...

4.3CVSS4.3AI score0.00994EPSS
Exploits0References2
CVE
CVE
added 2019/08/20 6:25 p.m.48 views

CVE-2019-4308

IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...

4.3CVSS4.1AI score0.00994EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4481

CVE-2019-4481 affects IBM Contract Management 10.1.0–10.1.3 and IBM Emptoris Spend Analysis 10.1.0–10.1.3, per multiple sources. The vulnerability is a SQL injection in which a remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end databas...

9.8CVSS9.1AI score0.01959EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/08/20 6:25 p.m.21 views

CVE-2019-4481

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...

7.6CVSS9.3AI score0.01959EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/08/20 6:25 p.m.20 views

CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034...

4.3CVSS4.2AI score0.00994EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.7 views

PT-2019-17029 · Ibm · Ibm Emptoris Spend Analysis +2

Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows an authenticated user to obtain sensitive...

4.3CVSS4.2AI score0.00994EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.5 views

PT-2019-17105 · Ibm · Ibm Emptoris Spend Analysis +2

Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue generates an error message that includes sensitive...

4.3CVSS4.4AI score0.00994EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.6 views

PT-2019-17101 · Ibm · Ibm Emptoris Spend Analysis +1

Name of the Vulnerable Software and Affected Versions: IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows a remote attacker to send specially-crafted SQL statements, which could enable the attacker to vie...

9.8CVSS7.8AI score0.01959EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.6 views

PT-2019-17103 · Ibm · Ibm Emptoris Spend Analysis +1

Name of the Vulnerable Software and Affected Versions: IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows a remote attacker to send specially-crafted SQL statements, potentially enabling the attacker to...

9.8CVSS7.7AI score0.01959EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.6 views

PT-2019-17104 · Ibm · Ibm Emptoris Spend Analysis +2

Name of the Vulnerable Software and Affected Versions: IBM Emptoris Sourcing versions 10.1.0 through 10.1.3 IBM Contract Management versions 10.1.0 through 10.1.3 IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue generates an error message that includes sensitive...

4.3CVSS4.4AI score0.00994EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.6 views

PT-2019-17102 · Ibm · Ibm Emptoris Spend Analysis

Name of the Vulnerable Software and Affected Versions: IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

5.4CVSS5.5AI score0.00673EPSS
Exploits0References3
Rows per page
Query Builder