14 matches found
CVE-2019-4752
The CVE-2019-4752 issue affects IBM Emptoris Strategic Supply Management Platform (and Emptoris Spend Analysis) versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The vulnerability is SQL injection allowing a remote attacker to cause unauthorized view/modify/delete of back-end data. IBM’s security bullet...
CVE-2017-1446
CVE-2017-1446 affects IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1, with a cross-site scripting vulnerability in the Web UI that can embed arbitrary JavaScript and potentially disclose credentials within a trusted session. IBM’s Security Bulletin lists concrete remediation paths: Fixpacks/i...
CVE-2014-4790
The CVE-2014-4790 entry affects IBM Emptoris Sourcing Portfolio and Emptoris Spend Analysis. Affected.product components: Emptoris Sourcing Portfolio versions 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; Emptoris Spend Analysis versions 9...
CVE-2020-4897
CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...
CVE-2019-4481
CVE-2019-4481 affects IBM Contract Management 10.1.0–10.1.3 and IBM Emptoris Spend Analysis 10.1.0–10.1.3, per multiple sources. The vulnerability is a SQL injection in which a remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end databas...
CVE-2019-4484
IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...
CVE-2019-4308
IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...
CVE-2017-1445
IBM Emptoris Spend Analysis 9.5.0.0–10.1.1 is vulnerable to cross-site scripting in the Web UI, allowing arbitrary JavaScript execution that could disclose credentials within a trusted session. The IBM bulletin lists fixes across versions (e.g., 9.5.x through 10.1.x) and recommends applying the a...
CVE-2019-4483
Affected products: IBM Contract Management and IBM Emptoris Spend Analysis, versions 10.1.0–10.1.3. The issue is an SQL injection that allows a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. Root cause: improper handling ...
CVE-2014-3061
IBM Emptoris Spend Analysis is affected by a CSRF vulnerability (CVE-2014-3061) in 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Root cause is ...
CVE-2014-3035
CVE-2014-3035 affects IBM Emptoris Spend Analysis: versions 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue is a Cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The NV...
CVE-2014-3040
CVE-2014-3040 is a CSRF vulnerability in IBM Emptoris family (Contract Management, Sourcing Portfolio, Spend Analysis). The flaw affects multiple versions across 9.5.x and 10.x, where remote authenticated users can hijack a user’s session by crafting requests that insert XSS sequences. Affected c...
CVE-2019-4482
IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to cross-site scripting (CVE-2019-4482), allowing arbitrary JavaScript in the Web UI and potentially exposing credentials within a trusted session. CVSS v3 base score 5.4 (network attack, low complexity, user interaction required)....
CVE-2019-4485
The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis