Information Disclosure in IBM Emptoris Sourcing and Contract Management Products
CVE-2019-4485
4.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 20 August 2019
Summary
Sensitive information exposure occurs in specific versions of IBM Emptoris Sourcing, Contract Management, and Spend Analysis due to improperly generated error messages. These messages may reveal crucial system information, potentially enabling attackers to further exploit vulnerabilities in the affected applications.
Affected Version(s)
Contract Management 10.1.0
Contract Management 10.1.3
Emptoris Sourcing 10.1.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved