SQL Injection Vulnerability in IBM Contract Management and IBM Emptoris Spend Analysis
CVE-2019-4483

7.6HIGH

Key Information:

Vendor: IBM
Status: Contract Management; Emptoris Spend Analysis
Vendor: CVE Published:; 20 August 2019

Summary

IBM Contract Management and Emptoris Spend Analysis, versions 10.1.0 through 10.1.3, are susceptible to SQL injection attacks. This vulnerability allows remote attackers to manipulate SQL queries by sending specially-crafted input. Such actions can grant unauthorized access to sensitive data, enabling attackers to view, alter, or even delete critical information stored in the back-end database. Organizations using these affected products should implement necessary security measures promptly.

Affected Version(s)

Contract Management 10.1.0

Contract Management 10.1.3

Emptoris Spend Analysis 10.1.0

References

https://www.ibm.com/support/docview.wss?uid=ibm10880223

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/164067

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Jan 3, 2019