CVE-2020-4893
5.9
CVSS:3.0/I:N/S:U/C:H/UI:N/AV:N/A:N/PR:N/AC:H/E:U/RL:O/RC:C
Summary
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Emptoris Strategic Supply Management | 10.1.0 | affected |
| IBM | Emptoris Strategic Supply Management | 10.1.1 | affected |
| IBM | Emptoris Strategic Supply Management | 10.1.3 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6398282
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190984
References
- https://www.ibm.com/support/pages/node/6398282
- https://exchange.xforce.ibmcloud.com/vulnerabilities/190984
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.