Vulnerability Description
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Emptoris Contract Management | >= 10.1.0, <= 10.1.3 |
| Ibm | Emptoris Sourcing | >= 10.1.0, <= 10.1.3 |
| Ibm | Emptoris Spend Analysis | >= 10.1.0, <= 10.1.3 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161034VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10880221Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/161034VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10880221Vendor Advisory
FAQ
What is CVE-2019-4308?
CVE-2019-4308 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive ...
How severe is CVE-2019-4308?
CVE-2019-4308 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-4308?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Emptoris Contract Management, Ibm Emptoris Sourcing, Ibm Emptoris Spend Analysis.