CVE-2019-4308
4.3
CVSS:3.0/AV:N/S:U/PR:L/I:N/UI:N/A:N/C:L/AC:L/E:U/RC:C/RL:O
Summary
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Emptoris Sourcing | 10.1.0 | affected |
| IBM | Emptoris Sourcing | 10.1.3 | affected |
| IBM | Contract Management | 10.1.0 | affected |
| IBM | Contract Management | 10.1.3 | affected |
| IBM | Emptoris Spend Analysis | 10.1.0 | affected |
| IBM | Emptoris Spend Analysis | 10.1.3 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/docview.wss?uid=ibm10880221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161034
References
- https://www.ibm.com/support/docview.wss?uid=ibm10880221
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161034
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.