CVE-2018-1961 — Sensitive Information Exposure in IBM Emptoris Contract Management

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 65.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Contract Management

Timeline

PublishedApr 29

Latest updateMay 24

Description

IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose sensitive information from detailed information from error messages. IBM X-Force ID: 153657.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/emptoris_contract_management10.0.0 — 10.1.3.0

▶CVEListV5ibm/emptoris_contract_management10.0.0, 10.1.3, 10.1.3.0+2

🔴Vulnerability Details

GHSA

GHSA-j34w-447c-w9jw: IBM Emptoris Contract Management 10↗2022-05-24

▶

CVEList

CVE-2018-1961: IBM Emptoris Contract Management 10↗2019-04-29

▶