Vulnerability Details : CVE-2019-4484
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068.
Products affected by CVE-2019-4484
- cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*
- IBM » Emptoris Contract ManagementVersions from including (>=) 10.1.0 and up to, including, (<=) 10.1.3cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-4484
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-4484
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
IBM Corporation | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2019-4484
-
The product generates an error message that includes sensitive information about its environment, users, or associated data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4484
-
https://www.ibm.com/support/docview.wss?uid=ibm10880221
IBM Security Bulletin: Error Message Vulnerabilities Affect IBM Emptoris Sourcing, IBM Emptoris Contract Management and IBM Emptoris Spend Analysis.Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/164068
IBM Emptoris information disclosure CVE-2019-4484 Vulnerability ReportVDB Entry;Vendor Advisory
Jump to