CVE-2016-6018

MEDIUM

IBM Emptoris Contract Management <10.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

References (3)

Core 3
Core References
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/116738
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22005664
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99624

Scores

CVSS v3 4.3
EPSS 0.0096
EPSS Percentile 57.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (32)
IBM/Emptoris Contract Management 10.0.0.0
IBM/Emptoris Contract Management 10.0.1.0
IBM/Emptoris Contract Management 10.0.2.0
IBM/Emptoris Contract Management 10.0.4.0
IBM/Emptoris Contract Management 10.1.0
ibm/emptoris_contract_management 10.0.0.0
ibm/emptoris_contract_management 10.0.0.1
ibm/emptoris_contract_management 10.0.1.0
ibm/emptoris_contract_management 10.0.1.1
ibm/emptoris_contract_management 10.0.1.2
... and 22 more
Published Jul 19, 2017
Tracked Since Feb 18, 2026