4.3
CVE-2019-4308
- EPSS 0.16%
- Veröffentlicht 20.08.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 04:43:27
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Emptoris Contract Management Version >= 10.1.0 <= 10.1.3
Ibm ≫ Emptoris Sourcing Version >= 10.1.0 <= 10.1.3
Ibm ≫ Emptoris Spend Analysis Version >= 10.1.0 <= 10.1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| psirt@us.ibm.com | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.