CVE-2019-4752
published 2020-02-20CVE-2019-4752: IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | emptoris_spend_analysis | — | — |
| ibm | emptoris_spend_analysis | — | — |
| ibm | emptoris_spend_analysis | — | — |
| ibm | emptoris_spend_analysis | >= 10.1.0.0 < 10.1.0.34 | 10.1.0.34 |
| ibm | emptoris_spend_analysis | >= 10.1.1.0 < 10.1.1.33 | 10.1.1.33 |
| ibm | emptoris_spend_analysis | >= 10.1.3.0 < 10.1.3.29 | 10.1.3.29 |
| ibm | emptoris_strategic_supply_management | — | — |
| ibm | emptoris_strategic_supply_management | — | — |
| ibm | emptoris_strategic_supply_management | — | — |
| ibm | emptoris_strategic_supply_management_platform | >= 10.1.0.0 < 10.1.0.34 | 10.1.0.34 |
| ibm | emptoris_strategic_supply_management_platform | >= 10.1.1.0 < 10.1.1.33 | 10.1.1.33 |
| ibm | emptoris_strategic_supply_management_platform | >= 10.1.3.0 < 10.1.3.29 | 10.1.3.29 |