Information Disclosure Vulnerability in IBM Emptoris Contract Management Products
CVE-2016-6018

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Emptoris Contract Management
Vendor
CVE Published:
19 July 2017

Summary

IBM Emptoris Contract Management versions 10.0 and 10.1 expose detailed error messages within certain features, potentially allowing attackers to gain sensitive information. This could lead to unauthorized access or facilitate further exploitative actions against the system. Organizations using these versions should review their security configurations and limit error message leakage to safeguard against potential data breaches.

Affected Version(s)

Emptoris Contract Management 10.0.0.0

Emptoris Contract Management 10.0.1.0

Emptoris Contract Management 10.0.2.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/116738
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22005664
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99624
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.