Skip to main content

Emptoris Spend Analysis

12 CVEs product

Monthly

CVE-2019-4482 MEDIUM This Month

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4485 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4484 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-4483 CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management Emptoris Spend Analysis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-4481 CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management Emptoris Spend Analysis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-4308 MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management Emptoris Sourcing Emptoris Spend Analysis
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2017-1446 MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2017-1445 MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2014-3061 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Emptoris Spend Analysis
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3035 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Emptoris Spend Analysis
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-4790 MEDIUM PATCH This Month

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Privilege Escalation Emptoris Spend Analysis Emptoris Sourcing Portfolio
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-3040 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF Emptoris Spend Analysis Emptoris Sourcing Portfolio +1
NVD
CVSS 2.0
6.0
EPSS
0.2%
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Emptoris Contract Management +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Emptoris Contract Management +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Emptoris Spend Analysis
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

IBM Privilege Escalation Emptoris Spend Analysis +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS CSRF +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy