Lucene search

IbmCVE-2014-3041

HistoryAug 26, 2014 - 2:55 p.m.

CVE-2014-3041

2014-08-2614:55:05

CWE-89

ibm

web.nvd.nist.gov

cve-2014-3041

sql injection

ibm emptoris contract management

vulnerability

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON

SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

ibmemptoris_contract_managementMatch9.5.0.0

ibmemptoris_contract_managementMatch9.5.0.1

ibmemptoris_contract_managementMatch9.5.0.2

ibmemptoris_contract_managementMatch9.5.0.3

ibmemptoris_contract_managementMatch9.5.0.4

ibmemptoris_contract_managementMatch9.5.0.5

ibmemptoris_contract_managementMatch9.5.0.6

ibmemptoris_contract_managementMatch10.0.0.0

ibmemptoris_contract_managementMatch10.0.0.1

ibmemptoris_contract_managementMatch10.0.1.0

ibmemptoris_contract_managementMatch10.0.1.1

ibmemptoris_contract_managementMatch10.0.1.2

ibmemptoris_contract_managementMatch10.0.1.3

ibmemptoris_contract_managementMatch10.0.2.0

ibmemptoris_contract_managementMatch10.0.2.1

ibmemptoris_contract_managementMatch10.0.2.2

VendorProductVersionCPE
ibmemptoris_contract_management9.5.0.0cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:*:*:*:*:*:*:*
ibmemptoris_contract_management9.5.0.1cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:*:*:*:*:*:*:*
ibmemptoris_contract_management9.5.0.2cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:*:*:*:*:*:*:*
ibmemptoris_contract_management9.5.0.3cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:*:*:*:*:*:*:*
ibmemptoris_contract_management9.5.0.4cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:*:*:*:*:*:*:*
ibmemptoris_contract_management9.5.0.5cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:*:*:*:*:*:*:*
ibmemptoris_contract_management9.5.0.6cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:*:*:*:*:*:*:*
ibmemptoris_contract_management10.0.0.0cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:*:*:*:*:*:*:*
ibmemptoris_contract_management10.0.0.1cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:*:*:*:*:*:*:*
ibmemptoris_contract_management10.0.1.0cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	emptoris_contract_management	9.5.0.0	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.0:::::::*
ibm	emptoris_contract_management	9.5.0.1	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.1:::::::*
ibm	emptoris_contract_management	9.5.0.2	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.2:::::::*
ibm	emptoris_contract_management	9.5.0.3	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.3:::::::*
ibm	emptoris_contract_management	9.5.0.4	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.4:::::::*
ibm	emptoris_contract_management	9.5.0.5	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.5:::::::*
ibm	emptoris_contract_management	9.5.0.6	cpe:2.3:a:ibm:emptoris_contract_management:9.5.0.6:::::::*
ibm	emptoris_contract_management	10.0.0.0	cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.0:::::::*
ibm	emptoris_contract_management	10.0.0.1	cpe:2.3:a:ibm:emptoris_contract_management:10.0.0.1:::::::*
ibm	emptoris_contract_management	10.0.1.0	cpe:2.3:a:ibm:emptoris_contract_management:10.0.1.0:::::::*

Rows per page:

1-10 of 161

References

secunia.com/advisories/60479

www-01.ibm.com/support/docview.wss?uid=swg21680370

exchange.xforce.ibmcloud.com/vulnerabilities/93318

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON

Related for CVE-2014-3041