SQL Injection Vulnerability in IBM Contract Management and IBM Emptoris Spend Analysis
CVE-2019-4481
7.6 HIGH
Key Information:
- Vendor: IBM
- CVE Published: 20 August 2019
Summary
The vulnerability exists in IBM Contract Management and IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 due to improper handling of user inputs. An attacker could exploit this flaw by sending specially crafted SQL statements, which may result in unauthorized access to the back-end database. This could allow the attacker to view, add, modify, or delete sensitive information, jeopardizing data integrity and confidentiality.
Affected Version(s)
Contract Management 10.1.0
Contract Management 10.1.3
Emptoris Spend Analysis 10.1.0
CVSS V3.1
- Score: 7.6
- Severity: HIGH
- Confidentiality: Low
- Integrity: High
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved