Emptoris Contract Management Security Vulnerabilities and Issues — Emptoris Contract Management CVE List

Lucene search

IbmEmptoris Contract Management

16 matches found

CVE•added 2019/08/20 7:15 p.m.•40 views

CVE-2019-4481

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM ...

9.8CVSS9.1AI score0.00452EPSS

CVE•added 2019/08/20 7:15 p.m.•40 views

CVE-2019-4484

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.

4.3CVSS4.3AI score0.00156EPSS

CVE•added 2021/01/07 6:15 p.m.•40 views

CVE-2020-4897

IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-F...

5.3CVSS4.8AI score0.00256EPSS

CVE•added 2019/08/20 7:15 p.m.•38 views

CVE-2019-4308

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.

4.3CVSS4.1AI score0.00156EPSS

CVE•added 2014/08/26 2:55 p.m.•37 views

CVE-2014-3041

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS9.2AI score0.00314EPSS

CVE•added 2019/08/20 7:15 p.m.•37 views

CVE-2019-4483

9.8CVSS9.1AI score0.00452EPSS

CVE•added 2014/08/26 2:55 p.m.•35 views

CVE-2014-3034

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS6.8AI score0.00188EPSS

CVE•added 2016/02/15 2:59 a.m.•35 views

CVE-2015-5050

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitr...

8.8CVSS8.6AI score0.00105EPSS

CVE•added 2019/04/29 5:29 p.m.•35 views

CVE-2018-1961

IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.

5.3CVSS4.9AI score0.0014EPSS

CVE•added 2015/01/10 2:59 a.m.•34 views

CVE-2014-6212

The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0.1 iFix12, 10.0.1.x before 10.0.1.5 iFix2, and 10.0.2.x before 10.0.2.2 iFix5; Emptoris Sourcing 9.5 before 9.5.1.3 iFix2, 10.0.0.x before 10.0.0.1 iFix1, 10.0.1.x before 10.0.1.3 iFix1, and 10.0.2.x...

4CVSS6.3AI score0.00206EPSS

CVE•added 2016/02/15 2:59 a.m.•34 views

CVE-2015-5042

IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file.

7.5CVSS8.2AI score0.00622EPSS

CVE•added 2016/02/15 2:59 a.m.•34 views

CVE-2015-7398

Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a ...

5.4CVSS5.5AI score0.00168EPSS

CVE•added 2014/08/26 10:55 a.m.•33 views

CVE-2014-3040

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2; Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x bef...

6CVSS9AI score0.00237EPSS

CVE•added 2017/07/19 8:29 p.m.•33 views

CVE-2016-6018

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

4.3CVSS5.4AI score0.00212EPSS

CVE•added 2019/08/20 7:15 p.m.•32 views

CVE-2019-4485

4.3CVSS4.3AI score0.00156EPSS

CVE•added 2021/01/07 6:15 p.m.•32 views

CVE-2020-4892

IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.

5.4CVSS5.2AI score0.00236EPSS