CVE-2020-4896 MEDIUM

CVE-2020-4896

Vendor Ibm
Product Emptoris Sourcing
Published January 7, 2021
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/I:L/UI:N/C:L/S:U/A:N/AC:L/PR:N/AV:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987.

Key dates

02Disclosure timeline

January 7, 2021 CVE published
September 16, 2024 Record updated