CVE-2020-4893
MEDIUMIBM Emptoris Strategic Supply Management 10.1.0-10.1.0.38 - Cleartext Transmission of Sensitive Information
Title source: llmDescription
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6398282
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/190984
Scores
CVSS v3
5.9
EPSS
0.0065
EPSS Percentile
46.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
ibm/emptoris_strategic_supply_management
10.1.0.0 - 10.1.0.38
Published
Jan 07, 2021
Tracked Since
Feb 18, 2026