SQL Injection Vulnerability in IBM Contract Management and IBM Emptoris Spend Analysis
CVE-2019-4481

7.6 HIGH

Key Information:

Vendor: IBM
CVE Published: 20 August 2019

Summary

The vulnerability exists in IBM Contract Management and IBM Emptoris Spend Analysis versions 10.1.0 through 10.1.3 due to improper handling of user inputs. An attacker could exploit this flaw by sending specially crafted SQL statements, which may result in unauthorized access to the back-end database. This could allow the attacker to view, add, modify, or delete sensitive information, jeopardizing data integrity and confidentiality.

Affected Version(s)

Contract Management 10.1.0

Contract Management 10.1.3

Emptoris Spend Analysis 10.1.0

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
