IBM Emptoris Contract Management CVE-2014-3041 Unspecified SQL Injection Vulnerabilitiy

Bugtraq ID:	69364
Class:	Input Validation Error
CVE:	CVE-2014-3041
Remote:	Yes
Local:	No
Published:	Aug 12 2014 12:00AM
Updated:	Aug 12 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Emptoris Contract Management 10.0.2 2 IBM Emptoris Contract Management 10.0.2 0 IBM Emptoris Contract Management 10.0.1 3 IBM Emptoris Contract Management 10.0.1 0 IBM Emptoris Contract Management 10.0 1 IBM Emptoris Contract Management 10.0 0 IBM Emptoris Contract Management 9.5 6 IBM Emptoris Contract Management 9.5 0
Not Vulnerable:

IBM Emptoris Contract Management CVE-2014-3041 Unspecified SQL Injection Vulnerabilitiy

IBM Emptoris Contract Management is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

IBM Emptoris Contract Management 9.5.0.0 through versions 10.0.2.2 are vulnerable.

IBM Emptoris Contract Management CVE-2014-3041 Unspecified SQL Injection Vulnerabilitiy

References:

• Emptoris Contract Management Homepage (IBM)
  
• IBM Homepage (IBM)
  
• Security Bulletin: Multiple vulnerabilities in IBM Emptoris Contract Management (IBM)