SQL Injection Vulnerability in IBM Contract Management and IBM Emptoris Spend Analysis
CVE-2019-4483
7.6 HIGH
Key Information:
- Vendor: IBM
- CVE Published: 20 August 2019
Summary
IBM Contract Management and Emptoris Spend Analysis, versions 10.1.0 through 10.1.3, are susceptible to SQL injection attacks. This vulnerability allows remote attackers to manipulate SQL queries by sending specially crafted input. Such actions can grant unauthorized access to sensitive data, enabling attackers to view, alter, or even delete critical information stored in the back-end database. Organizations using these affected products should implement necessary security measures promptly.
Affected Version(s)
Contract Management 10.1.0
Contract Management 10.1.3
Emptoris Spend Analysis 10.1.0
CVSS V3.1
- Score: 7.6
- Severity: HIGH
- Confidentiality: Low
- Integrity: High
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved