Information Disclosure Vulnerability in IBM Emptoris Contract Management Products
CVE-2016-6018
4.3MEDIUM
Summary
IBM Emptoris Contract Management versions 10.0 and 10.1 expose detailed error messages within certain features, potentially allowing attackers to gain sensitive information. This could lead to unauthorized access or facilitate further exploitative actions against the system. Organizations using these versions should review their security configurations and limit error message leakage to safeguard against potential data breaches.
Affected Version(s)
Emptoris Contract Management 10.0.0.0
Emptoris Contract Management 10.0.1.0
Emptoris Contract Management 10.0.2.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved