Lucene search

IbmCVELIST:CVE-2020-4893

HistoryJan 07, 2021 - 5:40 p.m.

CVE-2020-4893

2021-01-0717:40:28

ibm

www.cve.org

ibm

emptoris

supply management

vulnerability

disclosure

http

get request

information disclosure

man in the middle

x-force id

190984

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

CNA Affected

[
  {
    "product": "Emptoris Strategic Supply Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      },
      {
        "status": "affected",
        "version": "10.1.3"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/190984

www.ibm.com/support/pages/node/6398282

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

Related for CVELIST:CVE-2020-4893