CVE-2020-4893

CWE-319 — Cleartext Transmission CWE-755 — Improper Exception Handling4 documents4 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 67.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Emptoris Strategic Supply Management

Timeline

PublishedJan 7

Latest updateMay 24

Description

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/emptoris_strategic_supply_management10.1.0.0 — 10.1.0.38+2

▶CVEListV5ibm/emptoris_strategic_supply_management10.1.0, 10.1.1, 10.1.3+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-jf7p-v9hx-5vrc: IBM Emptoris Strategic Supply Management 10↗2022-05-24

▶

CVEList

CVE-2020-4893: IBM Emptoris Strategic Supply Management 10↗2021-01-07

▶

📋Vendor Advisories

Juniper

CVE-2020-1632: In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an in↗2020-04-15

▶