Vulnerability Details : CVE-2019-4485
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069.
Products affected by CVE-2019-4485
- cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*
- IBM » Emptoris Contract ManagementVersions from including (>=) 10.1.0 and up to, including, (<=) 10.1.3cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-4485
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-4485
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
IBM Corporation | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2019-4485
-
The product generates an error message that includes sensitive information about its environment, users, or associated data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4485
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/164069
IBM Emptoris information disclosure CVE-2019-4485 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www.ibm.com/support/docview.wss?uid=ibm10880221
IBM Security Bulletin: Error Message Vulnerabilities Affect IBM Emptoris Sourcing, IBM Emptoris Contract Management and IBM Emptoris Spend Analysis.Vendor Advisory
Jump to