16 matches found
CVE-2020-4897
CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...
CVE-2015-5050
IBM Emptoris Contract Management contains a CSRF vulnerability (CVE-2015-5050) affecting multiple tracked branches: 9.5.0.x before 9.5.0.6 iFix15; 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5; 10.0.2.x before 10.0.2.7 iFix4; and 10.0.4.x before 10.0.4.0 iFix3. The issue allows remote authenticated...
CVE-2019-4481
CVE-2019-4481 affects IBM Contract Management 10.1.0–10.1.3 and IBM Emptoris Spend Analysis 10.1.0–10.1.3, per multiple sources. The vulnerability is a SQL injection in which a remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end databas...
CVE-2019-4484
IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...
CVE-2019-4308
IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...
CVE-2014-3034
The CVE-2014-3034 entry describes a cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management. It affects IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2. The flaw all...
CVE-2014-3041
IBM Emptoris Contract Management is affected by CVE-2014-3041, a SQL injection vulnerability in 9.5.x before 9.5.0.6 iFix 10; 10.0.0.x before 10.0.0.1 iFix 10; 10.0.1.x before 10.0.1.4; and 10.0.2.x before 10.0.2.2 iFix 2. Remote authenticated users can execute arbitrary SQL commands via unspecif...
CVE-2018-1961
CVE-2018-1961 affects IBM Emptoris Contract Management 10.0.x through 10.1.3.x. The vulnerability arises from the product generating more detailed error messages, potentially allowing disclosure of sensitive information. IBM’s security bulletin confirms the issue and lists remediation as applying...
CVE-2019-4483
Affected products: IBM Contract Management and IBM Emptoris Spend Analysis, versions 10.1.0–10.1.3. The issue is an SQL injection that allows a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. Root cause: improper handling ...
CVE-2014-6212
The CVE-2014-6212 issue is an XML External Entity (XXE) vulnerability in IBM Emptoris family products (Contract Management, Sourcing, Program Management/SSMP). The Echo API across multiple versions (Contract Management 9.5.x up to 9.5.0.6 iFix11; 10.0.0.x up to 10.0.0.1 iFix12; 10.0.1.x up to 10....
CVE-2015-7398
CVE-2015-7398 is a cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management. The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Affected are IBM Emptoris Contract Management releases: 9.5.0.x before 9.5.0.6 iFix15; 10.0.0.x an...
CVE-2016-6018
CVE-2016-6018 affects IBM Emptoris Contract Management 10.0 and 10.1, where detailed error messages in certain features could allow an attacker to obtain additional information for further actions. The vulnerability is characterized as an information disclosure issue (information exposure) with a...
CVE-2014-3040
CVE-2014-3040 is a CSRF vulnerability in IBM Emptoris family (Contract Management, Sourcing Portfolio, Spend Analysis). The flaw affects multiple versions across 9.5.x and 10.x, where remote authenticated users can hijack a user’s session by crafting requests that insert XSS sequences. Affected c...
CVE-2015-5042
CVE-2015-5042 affects IBM Emptoris Contract Management. Multiple product lines are impacted: 9.5.0.x before 9.5.0.6 iFix15; 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5; 10.0.2.x before 10.0.2.7 iFix4; and 10.0.4.x before 10.0.4.0 iFix3. The vulnerability allows remote attackers to execute arbitra...
CVE-2019-4485
The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis
CVE-2020-4892
CVE-2020-4892 affects IBM Emptoris Contract Management 10.1.3.x, with a reflected cross-site scripting vulnerability in the Web UI that could allow an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue is documented in the IBM Security Bul...