CVE-2020-4897
published 2021-01-07CVE-2020-4897: IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | emptoris_contract_management | — | — |
| ibm | emptoris_contract_management | — | — |
| ibm | emptoris_contract_management | — | — |
| ibm | emptoris_contract_management | >= 10.1.0.0 < 10.1.0.38 | 10.1.0.38 |
| ibm | emptoris_contract_management | >= 10.1.1.0 < 10.1.1.35 | 10.1.1.35 |
| ibm | emptoris_contract_management | >= 10.1.3.0 < 10.1.3.30 | 10.1.3.30 |
| ibm | emptoris_spend_analysis | — | — |
| ibm | emptoris_spend_analysis | — | — |
| ibm | emptoris_spend_analysis | — | — |
| ibm | emptoris_spend_analysis | >= 10.1.0.0 < 10.1.0.38 | 10.1.0.38 |
| ibm | emptoris_spend_analysis | >= 10.1.1.0 < 10.1.1.35 | 10.1.1.35 |
| ibm | emptoris_spend_analysis | >= 10.1.3.0 < 10.1.3.30 | 10.1.3.30 |
| msrc | microsoft_365_apps_for_enterprise_for_32-bit_systems | — | — |
| msrc | microsoft_365_apps_for_enterprise_for_64-bit_systems | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | microsoft_office_2019_for_32-bit_editions | — | — |
| msrc | microsoft_office_2019_for_64-bit_editions | — | — |
| msrc | microsoft_word_2010_service_pack_2 | — | — |
| msrc | microsoft_word_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_word_2013_service_pack_1 | — | — |
| msrc | microsoft_word_2016 | — | — |