4.3
CVE-2019-4308
- EPSS 0.16%
- Veröffentlicht 20.08.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:27
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Emptoris Contract Management Version >= 10.1.0 <= 10.1.3
Ibm ≫ Emptoris Sourcing Version >= 10.1.0 <= 10.1.3
Ibm ≫ Emptoris Spend Analysis Version >= 10.1.0 <= 10.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| psirt@us.ibm.com | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.