Ibm: >> Emptoris Contract Management >> 10.1.3.0 Security Vulnerabilities
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-01-07
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-01-07
IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-04-29