CVE-2016-6018

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 56.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Contract Management

Timeline

PublishedJul 19

Latest updateMay 17

Description

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/emptoris_contract_management5 versions+4

▶NVDibm/emptoris_contract_management27 versions+26

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3337-29hg-rgvq: IBM Emptoris Contract Management 10↗2022-05-17

▶

CVEList

CVE-2016-6018: IBM Emptoris Contract Management 10↗2017-07-19

▶