SQL Injection Vulnerability in IBM Emptoris Contract Management
CVE-2014-3041
Currently unrated
Summary
A SQL injection vulnerability in IBM Emptoris Contract Management allows remote authenticated users to execute arbitrary SQL commands. The flaw stems from insufficient validation of user-supplied input, which lets an attacker manipulate the queries the application runs against its backend database. Exploitation could lead to unauthorized access to, or manipulation of, sensitive data, depending on the privileges of the authenticated user.