Information Disclosure in IBM Emptoris Sourcing and Contract Management Products
CVE-2019-4485

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
20 August 2019

Summary

Sensitive information exposure occurs in specific versions of IBM Emptoris Sourcing, Contract Management, and Spend Analysis due to improperly generated error messages. These messages may reveal crucial system information, potentially enabling attackers to further exploit vulnerabilities in the affected applications.

Affected Version(s)

Contract Management 10.1.0

Contract Management 10.1.3

Emptoris Sourcing 10.1.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.