cvelist/2019/4xxx/CVE-2019-4308.json

{
    "impact": {
        "cvssv3": {
            "BM": {
                "AV": "N",
                "S": "U",
                "PR": "L",
                "I": "N",
                "UI": "N",
                "SCORE": "4.300",
                "A": "N",
                "C": "L",
                "AC": "L"
            },
            "TM": {
                "E": "U",
                "RC": "C",
                "RL": "O"
            }
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Obtain Information"
                    }
                ]
            }
        ]
    },
    "data_type": "CVE",
    "data_format": "MITRE",
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Emptoris Sourcing",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "10.1.0"
                                        },
                                        {
                                            "version_value": "10.1.3"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Contract Management",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "10.1.0"
                                        },
                                        {
                                            "version_value": "10.1.3"
                                        }
                                    ]
                                }
                            },
                            {
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "10.1.0"
                                        },
                                        {
                                            "version_value": "10.1.3"
                                        }
                                    ]
                                },
                                "product_name": "Emptoris Spend Analysis"
                            }
                        ]
                    },
                    "vendor_name": "IBM"
                }
            ]
        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."
            }
        ]
    },
    "CVE_data_meta": {
        "STATE": "PUBLIC",
        "ID": "CVE-2019-4308",
        "ASSIGNER": "psirt@us.ibm.com",
        "DATE_PUBLIC": "2019-08-13T00:00:00"
    },
    "references": {
        "reference_data": [
            {
                "title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",
                "refsource": "CONFIRM",
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",
                "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"
            },
            {
                "name": "ibm-emptoris-cve20194308-info-disc (161034)",
                "refsource": "XF",
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034",
                "title": "X-Force Vulnerability Report"
            }
        ]
    },
    "data_version": "4.0"
}
- Synchronized data. 2019-01-03 15:04:29 -05:00			`{`
"-Synchronized-Data." 2019-08-20 19:00:53 +00:00			`"impact": {`
			`"cvssv3": {`
			`"BM": {`
			`"AV": "N",`
			`"S": "U",`
			`"PR": "L",`
			`"I": "N",`
			`"UI": "N",`
			`"SCORE": "4.300",`
			`"A": "N",`
			`"C": "L",`
			`"AC": "L"`
			`},`
			`"TM": {`
			`"E": "U",`
			`"RC": "C",`
			`"RL": "O"`
			`}`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Obtain Information"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Emptoris Sourcing",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "10.1.0"`
			`},`
			`{`
			`"version_value": "10.1.3"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "Contract Management",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "10.1.0"`
			`},`
			`{`
			`"version_value": "10.1.3"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "10.1.0"`
			`},`
			`{`
			`"version_value": "10.1.3"`
			`}`
			`]`
			`},`
			`"product_name": "Emptoris Spend Analysis"`
			`}`
			`]`
			`},`
			`"vendor_name": "IBM"`
			`}`
IBM20190820-141742 Added CVE-2019-4294, CVE-2019-4402, CVE-2019-4485, CVE-2019-4117, CVE-2019-4483, CVE-2019-4481, CVE-2019-4310, CVE-2019-4433, CVE-2019-4420, CVE-2019-4419, CVE-2019-4425, CVE-2019-4049, CVE-2019-4308, CVE-2019-4484, CVE-2019-4460 2019-08-20 14:17:42 -04:00			`]`
"-Synchronized-Data." 2019-08-20 19:00:53 +00:00			`}`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 could allow an authenticated user to obtain sensitive information from error messages IBM X-Force ID: 161034."`
			`}`
			`]`
			`},`
			`"CVE_data_meta": {`
			`"STATE": "PUBLIC",`
			`"ID": "CVE-2019-4308",`
			`"ASSIGNER": "psirt@us.ibm.com",`
			`"DATE_PUBLIC": "2019-08-13T00:00:00"`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"title": "IBM Security Bulletin 880221 (Emptoris Sourcing)",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880221",`
			`"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880221"`
			`},`
"-Synchronized-Data." 2019-03-18 05:50:18 +00:00			`{`
"-Synchronized-Data." 2019-08-20 19:00:53 +00:00			`"name": "ibm-emptoris-cve20194308-info-disc (161034)",`
			`"refsource": "XF",`
			`"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161034",`
			`"title": "X-Force Vulnerability Report"`
"-Synchronized-Data." 2019-03-18 05:50:18 +00:00			`}`
"-Synchronized-Data." 2019-08-20 19:00:53 +00:00			`]`
			`},`
			`"data_version": "4.0"`
			`}`