Sensitive Information Disclosure via HTTP GET Request Parameters in IBM Emptoris Strategic Supply Management

Sensitive Information Disclosure via HTTP GET Request Parameters in IBM Emptoris Strategic Supply Management

CVE-2020-4893 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information in HTTP GET request parameters. This may lead to information disclosure via man in the middle methods. IBM X-Force ID: 190984.

Learn more about our Web Application Penetration Testing UK.