CVE-2019-4752

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.6%
top 30.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Emptoris Spend AnalysisIBM Emptoris Strategic Supply Management PlatformIBM Emptoris Strategic Supply Management
Timeline
PublishedFeb 20
Latest updateMay 24

Description

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5ibm/emptoris_strategic_supply_management10.1.0.34, 10.1.1.33, 10.1.3.29+2
NVDibm/emptoris_spend_analysis10.1.0.010.1.0.34+2
CVEListV5ibm/emptoris_spend_analysis10.1.0, 10.1.1, 10.1.3+2

🔴Vulnerability Details

2
GHSA
GHSA-8j42-mv6v-2hw2: IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 102022-05-24
CVEList
CVE-2019-4752: IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 102020-02-20
CVE-2019-4752 (HIGH CVSS 8.8) | IBM Emptoris Spend Analysis and IBM | cvebase.io