Information Disclosure in IBM Emptoris Strategic Supply Management
CVE-2020-4893
5.9MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 7 January 2021
Summary
IBM Emptoris Strategic Supply Management versions 10.1.0, 10.1.1, and 10.1.3 are vulnerable due to the transmission of sensitive information through HTTP GET request parameters. This vulnerability can potentially be exploited by attackers utilizing man-in-the-middle techniques to intercept and access confidential data. Administrators should promptly assess their systems for these versions and implement necessary security measures to mitigate any risk associated with this vulnerability.
Affected Version(s)
Emptoris Strategic Supply Management 10.1.0
Emptoris Strategic Supply Management 10.1.1
Emptoris Strategic Supply Management 10.1.3
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved