Lucene search
K
IbmEmptoris Contract Management

16 matches found

CVE
CVE
added 2021/01/07 5:40 p.m.52 views

CVE-2020-4897

CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...

5.3CVSS4.8AI score0.01578EPSS
CVE
CVE
added 2016/02/15 2:0 a.m.51 views

CVE-2015-5050

IBM Emptoris Contract Management contains a CSRF vulnerability (CVE-2015-5050) affecting multiple tracked branches: 9.5.0.x before 9.5.0.6 iFix15; 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5; 10.0.2.x before 10.0.2.7 iFix4; and 10.0.4.x before 10.0.4.0 iFix3. The issue allows remote authenticated...

8.8CVSS8.6AI score0.0055EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4481

CVE-2019-4481 affects IBM Contract Management 10.1.0–10.1.3 and IBM Emptoris Spend Analysis 10.1.0–10.1.3, per multiple sources. The vulnerability is a SQL injection in which a remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end databas...

9.8CVSS9.1AI score0.01959EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4484

IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...

4.3CVSS4.3AI score0.00994EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.48 views

CVE-2019-4308

IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...

4.3CVSS4.1AI score0.00994EPSS
CVE
CVE
added 2014/08/26 2:0 p.m.47 views

CVE-2014-3034

The CVE-2014-3034 entry describes a cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management. It affects IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2. The flaw all...

3.5CVSS6.8AI score0.00936EPSS
CVE
CVE
added 2014/08/26 2:0 p.m.47 views

CVE-2014-3041

IBM Emptoris Contract Management is affected by CVE-2014-3041, a SQL injection vulnerability in 9.5.x before 9.5.0.6 iFix 10; 10.0.0.x before 10.0.0.1 iFix 10; 10.0.1.x before 10.0.1.4; and 10.0.2.x before 10.0.2.2 iFix 2. Remote authenticated users can execute arbitrary SQL commands via unspecif...

6.5CVSS9.2AI score0.01029EPSS
CVE
CVE
added 2019/04/29 4:35 p.m.46 views

CVE-2018-1961

CVE-2018-1961 affects IBM Emptoris Contract Management 10.0.x through 10.1.3.x. The vulnerability arises from the product generating more detailed error messages, potentially allowing disclosure of sensitive information. IBM’s security bulletin confirms the issue and lists remediation as applying...

5.3CVSS4.9AI score0.01301EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.46 views

CVE-2019-4483

Affected products: IBM Contract Management and IBM Emptoris Spend Analysis, versions 10.1.0–10.1.3. The issue is an SQL injection that allows a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. Root cause: improper handling ...

9.8CVSS9.1AI score0.01959EPSS
CVE
CVE
added 2015/01/10 2:0 a.m.45 views

CVE-2014-6212

The CVE-2014-6212 issue is an XML External Entity (XXE) vulnerability in IBM Emptoris family products (Contract Management, Sourcing, Program Management/SSMP). The Echo API across multiple versions (Contract Management 9.5.x up to 9.5.0.6 iFix11; 10.0.0.x up to 10.0.0.1 iFix12; 10.0.1.x up to 10....

4CVSS6.3AI score0.01419EPSS
CVE
CVE
added 2016/02/15 2:0 a.m.45 views

CVE-2015-7398

CVE-2015-7398 is a cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management. The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Affected are IBM Emptoris Contract Management releases: 9.5.0.x before 9.5.0.6 iFix15; 10.0.0.x an...

5.4CVSS5.5AI score0.00622EPSS
CVE
CVE
added 2017/07/19 8:0 p.m.44 views

CVE-2016-6018

CVE-2016-6018 affects IBM Emptoris Contract Management 10.0 and 10.1, where detailed error messages in certain features could allow an attacker to obtain additional information for further actions. The vulnerability is characterized as an information disclosure issue (information exposure) with a...

4.3CVSS5.4AI score0.00962EPSS
CVE
CVE
added 2014/08/26 10:0 a.m.43 views

CVE-2014-3040

CVE-2014-3040 is a CSRF vulnerability in IBM Emptoris family (Contract Management, Sourcing Portfolio, Spend Analysis). The flaw affects multiple versions across 9.5.x and 10.x, where remote authenticated users can hijack a user’s session by crafting requests that insert XSS sequences. Affected c...

6CVSS9AI score0.00851EPSS
CVE
CVE
added 2016/02/15 2:0 a.m.43 views

CVE-2015-5042

CVE-2015-5042 affects IBM Emptoris Contract Management. Multiple product lines are impacted: 9.5.0.x before 9.5.0.6 iFix15; 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5; 10.0.2.x before 10.0.2.7 iFix4; and 10.0.4.x before 10.0.4.0 iFix3. The vulnerability allows remote attackers to execute arbitra...

7.5CVSS8.2AI score0.01764EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.43 views

CVE-2019-4485

The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis

4.3CVSS4.3AI score0.00994EPSS
CVE
CVE
added 2021/01/07 5:40 p.m.42 views

CVE-2020-4892

CVE-2020-4892 affects IBM Emptoris Contract Management 10.1.3.x, with a reflected cross-site scripting vulnerability in the Web UI that could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue is documented in the IBM Security Bul...

5.4CVSS5.2AI score0.00554EPSS