Lucene search
K
IbmEmptoris Spend Analysis

14 matches found

CVE
CVE
added 2020/02/20 4:45 p.m.62 views

CVE-2019-4752

The CVE-2019-4752 issue affects IBM Emptoris Strategic Supply Management Platform (and Emptoris Spend Analysis) versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The vulnerability is SQL injection allowing a remote attacker to cause unauthorized view/modify/delete of back-end data. IBM’s security bullet...

8.8CVSS8.7AI score0.01295EPSS
CVE
CVE
added 2017/08/30 9:0 p.m.54 views

CVE-2017-1446

CVE-2017-1446 affects IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1, with a cross-site scripting vulnerability in the Web UI that can embed arbitrary JavaScript and potentially disclose credentials within a trusted session. IBM’s Security Bulletin lists concrete remediation paths: Fixpacks/i...

5.4CVSS5.2AI score0.00725EPSS
CVE
CVE
added 2014/08/26 10:0 a.m.53 views

CVE-2014-4790

The CVE-2014-4790 entry affects IBM Emptoris Sourcing Portfolio and Emptoris Spend Analysis. Affected.product components: Emptoris Sourcing Portfolio versions 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4; Emptoris Spend Analysis versions 9...

4.9CVSS8.6AI score0.00803EPSS
CVE
CVE
added 2021/01/07 5:40 p.m.52 views

CVE-2020-4897

CVE-2020-4897 affects IBM Emptoris Contract Management and IBM Emptoris Spend Analysis. The vulnerability arises from verbose application errors that reveal detailed information in browser responses, enabling an attacker to obtain sensitive data and potentially facilitate subsequent attacks. Affe...

5.3CVSS4.8AI score0.01578EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4481

CVE-2019-4481 affects IBM Contract Management 10.1.0–10.1.3 and IBM Emptoris Spend Analysis 10.1.0–10.1.3, per multiple sources. The vulnerability is a SQL injection in which a remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end databas...

9.8CVSS9.1AI score0.01959EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.51 views

CVE-2019-4484

IBM Emptoris Sourcing (10.1.0–10.1.3), IBM Contract Management (10.1.0–10.1.3), and IBM Emptoris Spend Analysis (10.1.0–10.1.3) expose an information disclosure vulnerability where error messages reveal sensitive data. The issue arises from error handling that can be exploited to obtain confident...

4.3CVSS4.3AI score0.00994EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.48 views

CVE-2019-4308

IBM Emptoris Sourcing, IBM Contract Management, and IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to information disclosure via error messages when accessed by an authenticated user. The CVE-2019-4308 issue is described across multiple sources: an information disclosure vulner...

4.3CVSS4.1AI score0.00994EPSS
CVE
CVE
added 2017/08/30 9:0 p.m.46 views

CVE-2017-1445

IBM Emptoris Spend Analysis 9.5.0.0–10.1.1 is vulnerable to cross-site scripting in the Web UI, allowing arbitrary JavaScript execution that could disclose credentials within a trusted session. The IBM bulletin lists fixes across versions (e.g., 9.5.x through 10.1.x) and recommends applying the a...

5.4CVSS5.2AI score0.00729EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.46 views

CVE-2019-4483

Affected products: IBM Contract Management and IBM Emptoris Spend Analysis, versions 10.1.0–10.1.3. The issue is an SQL injection that allows a remote attacker to view, add, modify, or delete data in the back-end database by sending specially crafted SQL statements. Root cause: improper handling ...

9.8CVSS9.1AI score0.01959EPSS
CVE
CVE
added 2014/08/26 2:0 p.m.45 views

CVE-2014-3061

IBM Emptoris Spend Analysis is affected by a CSRF vulnerability (CVE-2014-3061) in 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Root cause is ...

6.8CVSS9.2AI score0.00626EPSS
CVE
CVE
added 2014/08/26 2:0 p.m.44 views

CVE-2014-3035

CVE-2014-3035 affects IBM Emptoris Spend Analysis: versions 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4. The issue is a Cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The NV...

3.5CVSS6.8AI score0.00936EPSS
CVE
CVE
added 2014/08/26 10:0 a.m.43 views

CVE-2014-3040

CVE-2014-3040 is a CSRF vulnerability in IBM Emptoris family (Contract Management, Sourcing Portfolio, Spend Analysis). The flaw affects multiple versions across 9.5.x and 10.x, where remote authenticated users can hijack a user’s session by crafting requests that insert XSS sequences. Affected c...

6CVSS9AI score0.00851EPSS
CVE
CVE
added 2019/08/20 7:30 p.m.43 views

CVE-2019-4482

IBM Emptoris Spend Analysis versions 10.1.0–10.1.3 are vulnerable to cross-site scripting (CVE-2019-4482), allowing arbitrary JavaScript in the Web UI and potentially exposing credentials within a trusted session. CVSS v3 base score 5.4 (network attack, low complexity, user interaction required)....

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.43 views

CVE-2019-4485

The CVE-2019-4485 issue affects IBM Emptoris Sourcing <10.1.4, IBM Contract Management <10.1.4, and IBM Emptoris Spend Analysis

4.3CVSS4.3AI score0.00994EPSS