{"containers": {"cna": {"affected": [{"product": "Contract Management", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.1.3"}]}, {"product": "Emptoris Spend Analysis", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.1.3"}]}, {"product": "Emptoris Sourcing", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.1.3"}]}], "datePublic": "2019-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/PR:L/I:N/S:U/AV:N/AC:L/C:L/A:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-20T18:25:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"}, {"name": "ibm-emptoris-cve20194485-info-disc (164069)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-08-13T00:00:00", "ID": "CVE-2019-4485", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Contract Management", "version": {"version_data": [{"version_value": "10.1.0"}, {"version_value": "10.1.3"}]}}, {"product_name": "Emptoris Spend Analysis", "version": {"version_data": [{"version_value": "10.1.0"}, {"version_value": "10.1.3"}]}}, {"product_name": "Emptoris Sourcing", "version": {"version_data": [{"version_value": "10.1.0"}, {"version_value": "10.1.3"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221", "refsource": "CONFIRM", "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"}, {"name": "ibm-emptoris-cve20194485-info-disc (164069)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2019-4485", "datePublished": "2019-08-13T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-08-20T18:25:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:emptoris_contract_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D7466F9-70A7-4CF9-B4A9-F9945592302A", "versionEndIncluding": "10.1.3", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9A77E60-A415-4933-B405-44E8F673CED3", "versionEndIncluding": "10.1.3", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:emptoris_spend_analysis:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDE77696-0960-44B9-80E7-1252355D5783", "versionEndIncluding": "10.1.3", "versionStartIncluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069."}, {"lang": "es", "value": "IBM Emptoris Sourcing 10.1.0 a 10.1.3, IBM Contract Management 10.1.0 a 10.1.3 e IBM Emptoris Spend Analysis 10.1.0 a 10.1.3 genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda utilizarse en otros ataques contra el Sistema. ID de IBM X-Force: 164069."}], "id": "CVE-2019-4485", "lastModified": "2022-12-02T22:32:37.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-20T19:15:17.183", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164069"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}