Information Disclosure in IBM Emptoris Strategic Supply Management
CVE-2020-4893

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
7 January 2021

Summary

IBM Emptoris Strategic Supply Management versions 10.1.0, 10.1.1, and 10.1.3 are vulnerable due to the transmission of sensitive information through HTTP GET request parameters. This vulnerability can potentially be exploited by attackers utilizing man-in-the-middle techniques to intercept and access confidential data. Administrators should promptly assess their systems for these versions and implement necessary security measures to mitigate any risk associated with this vulnerability.

Affected Version(s)

Emptoris Strategic Supply Management 10.1.0

Emptoris Strategic Supply Management 10.1.1

Emptoris Strategic Supply Management 10.1.3

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.