CVE-2019-4483

HIGH Year: 2019
CVSS v3 Score
7.6
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-89
View all →

Vulnerability Description

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067.

Related Vulnerabilities

CVE-2016-8928

HIGH
CVSS:7.6(High)

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

CWE-892016

CVE-2016-8930

HIGH
CVSS:7.6(High)

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the ...

CWE-892016

CVE-2019-19094

HIGH
CVSS:7.6(High)

Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.

CWE-892019

CVE-2019-4481

HIGH
CVSS:7.6(High)

IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which...

CWE-892019

CVE-2019-4752

HIGH
CVSS:7.6(High)

IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL st...

CWE-892019

CVE-2019-5991

HIGH
CVSS:7.6(High)

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

CWE-892019