All the vulnerabilities related to ibm - curam_social_program_management
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
Improper input validation before a call to the Java readLine() method may affect IBM Curam Social Program Management 7.0.9 and 7.0.10 and could result in a denial of service. IBM X-Force ID: 189159.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346585 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346585 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159." }, { "lang": "es", "value": "Una comprobaci\u00f3n de entrada inapropiada antes de llamar a un m\u00e9todo readLine() de java puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podr\u00eda resultar en una denegaci\u00f3n de servicio. IBM X-Force ID: 189159" } ], "id": "CVE-2020-4781", "lastModified": "2024-11-21T05:33:14.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", 
"version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:13.277", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189159" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346585" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346585" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-28 18:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22004580 | Mitigation, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/99306 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120744 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22004580 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99306 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120744 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp6:*:*:*:*:*:*", "matchCriteriaId": "E1BC058F-27F6-4C3E-ACC7-85FBB22055DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF05C11-3541-4B88-ACAE-8C383EA383C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE01821C-590F-40E1-A973-5DF0EA0151D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", 
"matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CB6F37-6F14-4313-82D8-7D1EF110852D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5887540-4EBE-484E-9C5B-3EFA0950BE30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CB504DC-E137-4026-BB16-E862045BD380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8C0DF071-1EB8-49FD-A279-A895A45B4679", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744." }, { "lang": "es", "value": "IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 120744. UAA release en todas las versiones de UAA v2.x.x, 3.6.x en versiones anteriores a la v3.6.13, 3.9.x en versiones anteriores a la v3.9.15, 3.20.x en versiones anteriores a la v3.20.0 y otras versiones anteriores a la v4.4.0; y UAA bosh release (uaa-release) 13.x en versiones anteriores a la v13.17 y versiones 24.x anteriores a la v24.12, versiones 30.x anteriores a la 30.5 y otras versiones anteriores a la v41, los administradores de zona puede escalar sus privilegios al mapear permisos para un proveedor externo." 
} ], "id": "CVE-2017-1106", "lastModified": "2024-11-21T03:21:20.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-28T18:29:00.187", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004580" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99306" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", 
"Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-18 16:55
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 4.5 | |
ibm | curam_social_program_management | 5.0 | |
ibm | curam_social_program_management | 5.2 | |
ibm | curam_social_program_management | 5.2 | |
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.3.0 | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:4.5:sp10:*:*:*:*:*:*", "matchCriteriaId": "F872D35E-6500-4198-9BC8-58B9AE7B541D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF336844-BB3F-463C-AE12-4D22D809D8AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8540059F-8E22-4684-B161-B3EC5996286E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en IBM Curam Social Program Management 4.5 SP10 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas manipuladas en un renderizador (1) custom JSP o (2) custom." 
} ], "id": "CVE-2014-3013", "lastModified": "2024-11-21T02:07:19.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-06-18T16:55:07.750", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59259" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-20 21:59
Modified
2024-11-21 03:02
Severity ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], 
"descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255." }, { "lang": "es", "value": "IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. IBM X-Force ID: 120255." } ], "id": "CVE-2016-9979", "lastModified": "2024-11-21T03:02:07.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-20T21:59:01.263", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor 
Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001780" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/97993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/97993" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-19 14:29
Modified
2024-11-21 03:59
Severity ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other users' submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012528 | Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/137380 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012528 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/137380 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0.5 | |
ibm | curam_social_program_management | 6.1.1.0 | |
ibm | curam_social_program_management | 6.2.0.0 | |
ibm | curam_social_program_management | 7.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D7D9E2E-F969-456A-A3B0-E6ADD7C89A4B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 en Citizen Portal podr\u00eda permitir que un usuario autenticado elimine aplicaciones enviadas por otro usuario del sistema y, posiblemente, obtenga privilegios. IBM X-Force ID: 137380." 
} ], "id": "CVE-2018-1362", "lastModified": "2024-11-21T03:59:41.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-19T14:29:00.337", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012528" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-13 02:59
Modified
2024-11-21 02:10
Severity ?
Summary
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 | |
ibm | curam_social_program_management | 6.0.5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "C2530A07-5606-47F9-A469-111974655233", "versionEndIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en la implementaci\u00f3n Universal Access en IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5 iFix007, y 6.0.5 anterior a 6.0.5.5 iFix003, cuando WebSphere Application Server no est\u00e1 utilizado, permite a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de la divisi\u00f3n de respuestas HTTP a trav\u00e9s de un par\u00e1metro no especificado." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\"\u003eCWE-93: CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e", "id": "CVE-2014-4803", "lastModified": "2024-11-21T02:10:53.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-02-13T02:59:02.563", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-02 19:29
Modified
2024-11-21 02:19
Severity ?
Summary
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21700098 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/73947 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21700098 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73947 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE01821C-590F-40E1-A973-5DF0EA0151D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM 
Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5iFix10 y 6.0.5 anterior a 6.0.5.6 permite que atacantes remotos carguen clases Java arbitrarias utilizando vectores no especificados." } ], "id": "CVE-2014-8903", "lastModified": "2024-11-21T02:19:55.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-02T19:29:00.257", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/73947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21700098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/73947" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 189150.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189150 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6344069 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189150 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6344069 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XML External Entity Injection (XXE) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n confidencial, una denegaci\u00f3n de servicio, un ataque de tipo server side request forgery o consumir recursos de la memoria. 
IBM X-Force ID: 189150" } ], "id": "CVE-2020-4772", "lastModified": "2024-11-21T05:33:13.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:12.633", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189150" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6344069" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6344069" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-27 11:59
Modified
2024-11-21 02:13
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21697726 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21697726 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 5.2 | |
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.3.0 | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp6:*:*:*:*:*:*", "matchCriteriaId": "E1BC058F-27F6-4C3E-ACC7-85FBB22055DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8540059F-8E22-4684-B161-B3EC5996286E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en los servlets (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, y (3) IEGEditorCommands en IBM Curam Social Program Management (SPM) 5.2 SP6 anterior a EP6, 6.0 SP2 anterior a EP26, 6.0.3 anterior a 6.0.3.0 iFix8, 6.0.4 anterior a 6.0.4.5 iFix10, y 6.0.5 anterior a 6.0.5.6 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS." 
} ], "id": "CVE-2014-6090", "lastModified": "2024-11-21T02:13:45.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-04-27T11:59:00.807", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697726" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189153 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346571 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189153 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346571 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user\u0027s device, restricted to a single location. IBM X-Force ID: 189153." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Esta vulnerabilidad permite a atacantes inyectar scripts maliciosos para aplicaciones web con el prop\u00f3sito de ejecutar acciones no deseadas en el dispositivo del usuario final, restringidas a una \u00fanica ubicaci\u00f3n. 
IBM X-Force ID: 189153" } ], "id": "CVE-2020-4775", "lastModified": "2024-11-21T05:33:14.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:12.837", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189153" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346571" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346571" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-12 21:29
Modified
2024-11-21 02:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21981103 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/110604 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21981103 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/110604 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.0 | |
ibm | curam_social_program_management | 6.1.0.0 | |
ibm | curam_social_program_management | 6.1.0.1 | |
ibm | curam_social_program_management | 6.1.1.0 | |
ibm | curam_social_program_management | 6.1.1.1 | |
ibm | care_management | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CEFFDDC-B1A2-41A6-9040-77F4AF0C7855", "versionEndIncluding": "6.0.4.6", "versionStartIncluding": "6.0.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "267958CA-CD6E-43A3-818A-011BCAF81FB5", "versionEndIncluding": "6.0.5.9", "versionStartIncluding": "6.0.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "1714C14F-C267-45CD-851A-45F6B682711D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF05C11-3541-4B88-ACAE-8C383EA383C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:care_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A00D55C0-65AC-4FE1-A781-53B0CDA20FC9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site 
scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Curam Social Program Management, en versiones 6.0.0 anteriores a SP2 EP29; versiones 6.0.4 anteriores a la 6.0.4.6 iFix3; versiones 6.0.5 anteriores a la 6.0.5.9 iFix2; versiones 6.1.0 anteriores a la la 6.1.01 iFix1 y IBM Care Management 6.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 110604." } ], "id": "CVE-2016-0261", "lastModified": "2024-11-21T02:41:22.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-12T21:29:00.453", "references": [ { "source": 
"psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981103" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110604" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-14 02:59
Modified
2024-11-21 02:10
Severity ?
Summary
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.4 | |
ibm | curam_social_program_management | 6.0.5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:sp6:*:*:*:*:*:*", "matchCriteriaId": "6161F2A6-3D0B-45E2-B945-C4E6D11AC1FF", "versionEndIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page." }, { "lang": "es", "value": "Curam Universal Access en IBM Curam Social Program Management 5.2 anterior a SP6 EP6, 6.0 SP2 anterior a EP26, 6.0.4.5 anterior a iFix007, 6.0.5.4 anterior a iFix005, y 6.0.5.5 anterior a iFix003, cuando la inclusi\u00f3n SPI est\u00e1 habilitada, permite a atacantes remotos obtener datos sensibles de usuarios mediante la visita a una p\u00e1gina no especificada." 
} ], "id": "CVE-2014-4804", "lastModified": "2024-11-21T02:10:53.877", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-14T02:59:00.067", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-25 14:59
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 | |
ibm | curam_social_program_management | 6.0.5.5 | |
ibm | curam_social_program_management | 6.0.5.5a | |
ibm | curam_social_program_management | 6.0.5.6 | |
ibm | curam_social_program_management | 6.0.5.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F6D5729D-0FF8-4306-8D1F-544CA2F14740", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5 iFix10, 6.0.5 anterior a 6.0.5.6, y 6.0.5.5a anterior a 6.0.5.8 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de una URL manipulada." 
} ], "id": "CVE-2014-6192", "lastModified": "2024-11-21T02:13:56.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-25T14:59:04.717", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-11 17:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012366 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/102492 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134921 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012366 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102492 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134921 | VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CB6F37-6F14-4313-82D8-7D1EF110852D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DA2470C8-C82E-4722-8106-DB95DB67683F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5887540-4EBE-484E-9C5B-3EFA0950BE30", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FADA344-C7FE-413D-9DE6-1C6B265EB326", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "EE932954-D562-4677-BE01-76EA26E98367", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CB504DC-E137-4026-BB16-E862045BD380", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAB6406A-F797-45AB-82A9-B47D00B6C56E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "577FC56E-AFBE-4D13-B89B-A3CD757C75B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C0DF071-1EB8-49FD-A279-A895A45B4679", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A288D3A5-C1C0-4BD2-99D6-306B88CB0A4B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CE7A96F-78F9-4922-B614-C0467D8DF7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9455D90F-9E44-4D64-9470-E80A5C06CE3E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 134921." 
} ], "id": "CVE-2017-1739", "lastModified": "2024-11-21T03:22:17.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-11T17:29:00.290", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012366" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102492" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-20 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6596049 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6596049 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "134AEBD8-7BF5-4C5E-8231-D01A68D3BA6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7613A179-35F1-4943-8D0C-0BD34AA2592E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system." 
}, { "lang": "es", "value": "IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesi\u00f3n tras el cierre de sesi\u00f3n, lo que podr\u00eda permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema" } ], "id": "CVE-2022-22318", "lastModified": "2024-11-21T06:46:37.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-20T17:15:08.613", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" 
], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218283" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6596049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6596049" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which is less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189156 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346575 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189156 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346575 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the C\u00faram application. IBM X-Force ID: 189156." }, { "lang": "es", "value": "IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, usa un algoritmo MD5 para el hash del token en una sola instancia, que es menos seguro que el algoritmo criptogr\u00e1fico predeterminado SHA-256 usado en toda la aplicaci\u00f3n C\u00faram. 
IBM X-Force ID: 189156" } ], "id": "CVE-2020-4778", "lastModified": "2024-11-21T05:33:14.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:13.027", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189156" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346575" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346575" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2024-11-21 03:01
Severity ?
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007156 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/119761 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007156 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/119761 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE01821C-590F-40E1-A973-5DF0EA0151D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CB6F37-6F14-4313-82D8-7D1EF110852D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5887540-4EBE-484E-9C5B-3EFA0950BE30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CB504DC-E137-4026-BB16-E862045BD380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C0DF071-1EB8-49FD-A279-A895A45B4679", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 y 7.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando las funcionalidades planeadas. Esto podr\u00eda desembocar en una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 119761." 
} ], "id": "CVE-2016-9732", "lastModified": "2024-11-21T03:01:40.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-29T01:35:12.640", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007156" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-20 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6596049 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6596049 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "134AEBD8-7BF5-4C5E-8231-D01A68D3BA6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7613A179-35F1-4943-8D0C-0BD34AA2592E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false }, { "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false }, { "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281." }, { "lang": "es", "value": "IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesi\u00f3n tras el cierre de sesi\u00f3n, lo que podr\u00eda permitir a un usuario autenticado hacerse pasar por otro en el sistema. 
IBM X-Force ID: 218281" } ], "id": "CVE-2022-22317", "lastModified": "2024-11-21T06:46:37.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.5, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-20T17:15:08.557", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218281" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6596049" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6596049" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-11 16:29
Modified
2024-11-21 04:00
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/106187 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144747 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10739027 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106187 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144747 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10739027 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9EE56D4-227E-4B16-9633-EC0F595E8437", "versionEndIncluding": "6.0.5.10", "versionStartIncluding": "6.0.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "994F1139-08C1-4E54-A680-955C1AC7B8E5", "versionEndIncluding": "6.1.1.6", "versionStartIncluding": "6.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F8F6BB2-FE27-4A7C-8AA4-53BEC6AEC54E", "versionEndIncluding": "6.2.0.6", "versionStartIncluding": "6.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "396EE8D1-90C5-46C5-BBF0-07CA5B7FCA0A", "versionEndIncluding": "7.0.1.0", "versionStartIncluding": "7.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "495D1388-9448-4A5A-BE3E-C6DDF9F01A76", "versionEndIncluding": "7.0.3.0", "versionStartIncluding": "7.0.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747." 
}, { "lang": "es", "value": "IBM Curam Social Program Management, en sus versiones 6.0.5, 6.1.1, 6.2.0, 7.0.1, y 7.0.3, podr\u00eda permitir a un atacante remoto llevar a cabo ataques de phishing, empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 144747." } ], "id": "CVE-2018-1654", "lastModified": "2024-11-21T04:00:08.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-11T16:29:00.560", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106187" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739027" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007161 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/120915 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007161 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/120915 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE01821C-590F-40E1-A973-5DF0EA0151D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CB6F37-6F14-4313-82D8-7D1EF110852D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5887540-4EBE-484E-9C5B-3EFA0950BE30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CB504DC-E137-4026-BB16-E862045BD380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C0DF071-1EB8-49FD-A279-A895A45B4679", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 y 7.0 contiene una vulnerabilidad no especificada que podr\u00eda permitir que un usuario autenticado visualice los incidentes de un usuario con m\u00e1s privilegios. IBM X-Force ID: 120915." 
} ], "id": "CVE-2017-1110", "lastModified": "2024-11-21T03:21:20.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-29T01:35:13.313", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007161" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-08-12 00:55
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0.5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en el componente Universal Access en IBM Curam Social Program Management (SPM) 6.0.5.5, cuando WebSphere Application Server no est\u00e1 utilizado, permiten a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de par\u00e1metros no especificados." 
} ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e", "id": "CVE-2014-3069", "lastModified": "2024-11-21T02:07:24.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-08-12T00:55:03.627", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59688" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-20 21:59
Modified
2024-11-21 03:02
Severity ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp6:*:*:*:*:*:*", "matchCriteriaId": "E1BC058F-27F6-4C3E-ACC7-85FBB22055DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF05C11-3541-4B88-ACAE-8C383EA383C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254." }, { "lang": "es", "value": "IBM Curam Social Program Management 5.2, 6.0 y 7.0 podr\u00eda permitir a un atacante autenticado revelar informaci\u00f3n confidencial. IBM X-Force ID: 120254." 
} ], "id": "CVE-2016-9978", "lastModified": "2024-11-21T03:02:07.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-20T21:59:01.217", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001782" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/97990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/97990" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-10 02:59
Modified
2024-11-21 02:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * (up to and including 6.0.5.5) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D702129-A724-4859-9A06-5B0FFE4EEAFD", "versionEndIncluding": "6.0.5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Curam Social Program Management anterior a 6.0.5.5a permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2014-3096", "lastModified": "2024-11-21T02:07:27.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-01-10T02:59:23.990", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94264" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-19 15:29
Modified
2024-11-21 02:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698430 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/73946 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698430 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73946 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 | |
ibm | curam_social_program_management | 6.0.5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en las versiones 6.0 SP2, 6.0.4 y 6.0.5 de IBM Curam Social Program Management permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 98568." } ], "id": "CVE-2014-6191", "lastModified": "2024-11-21T02:13:56.707", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2017-09-19T15:29:00.257", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698430" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/73946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/73946" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-20 21:59
Modified
2024-11-21 03:00
Severity ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp6:*:*:*:*:*:*", "matchCriteriaId": "E1BC058F-27F6-4C3E-ACC7-85FBB22055DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF05C11-3541-4B88-ACAE-8C383EA383C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536." }, { "lang": "es", "value": "IBM Curam Social Program Management 5.2, 6.0 y 7.0 contienen una vulnerabilidad que podr\u00eda permitir a usuarios autorizados obtener informaci\u00f3n sensible del perfil de un usuario m\u00e1s privilegiado al que no deber\u00eda tener acceso. IBM X-Force ID: 118536." 
} ], "id": "CVE-2016-8923", "lastModified": "2024-11-21T03:00:18.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-20T21:59:01.187", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001774" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/97989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/97989" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
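An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. Note that the X-Force reference URLs listed for this record end in 189157 rather than 189156, so check both identifiers when cross-referencing.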
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189157 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346579 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189157 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346579 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Verb Tampering HTTP puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Mediante el env\u00edo de una petici\u00f3n especialmente dise\u00f1ada, un atacante podr\u00eda explotar esta vulnerabilidad para omitir los controles de acceso de seguridad. 
IBM X-Force ID: 189156" } ], "id": "CVE-2020-4779", "lastModified": "2024-11-21T05:33:14.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:13.133", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189157" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346579" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346579" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-20 21:59
Modified
2024-11-21 03:02
Severity ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. Note that the CPE configuration for this record also lists 6.1.0.x, 6.1.1.x and 6.2.0.x releases, which the summary does not name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp6:*:*:*:*:*:*", "matchCriteriaId": "E1BC058F-27F6-4C3E-ACC7-85FBB22055DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF05C11-3541-4B88-ACAE-8C383EA383C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256." }, { "lang": "es", "value": "IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar c\u00f3digo JavaScript arbitrario en la interfaz de usuario Web, alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. IBM X-Force ID: 120256." 
} ], "id": "CVE-2016-9980", "lastModified": "2024-11-21T03:02:07.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-20T21:59:01.310", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001779" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/98005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98005" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in a URL request to view arbitrary files on the system. IBM X-Force ID: 189154.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189154 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346573 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189154 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346573 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154." }, { "lang": "es", "value": "Una vulnerabilidad de salto de ruta puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podr\u00eda permitir a un atacante remoto saltar directorios en el sistema. Un atacante podr\u00eda enviar una ruta de archivo especialmente dise\u00f1ada en una petici\u00f3n de URL para visualizar archivos arbitrarios en el sistema. 
IBM X-Force ID: 189154" } ], "id": "CVE-2020-4776", "lastModified": "2024-11-21T05:33:14.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:12.900", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189154" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346573" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346573" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-27 11:59
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name. Put differently, repeated failed logins appear to trigger the shared lockout policy, and the resulting account lockout is what interrupts the web service.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21697742 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21697742 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 | |
ibm | curam_social_program_management | 6.0.5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:sp6:*:*:*:*:*:*", "matchCriteriaId": "6161F2A6-3D0B-45E2-B945-C4E6D11AC1FF", "versionEndIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", 
"matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name." }, { "lang": "es", "value": "IBM Curam Social Program Management (SPM) 5.2 anterior a SP6 EP6, 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.6, y 6.0.5 anterior a 6.0.5.6 requiere el manejo de inicio de sesi\u00f3n fallado para cuentas del servicio web para tener la misma pol\u00edtica de bloqueo que las cuentas de usuario est\u00e1ndares, lo que facilita a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n del servicio web) mediante la realizaci\u00f3n de muchos intentos de inicio de sesi\u00f3n con un nombre v\u00e1lido de cuenta de trabajador social." 
} ], "id": "CVE-2014-6092", "lastModified": "2024-11-21T02:13:45.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-04-27T11:59:02.433", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-17" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189152 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346595 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189152 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346595 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152." }, { "lang": "es", "value": "Una vulnerabilidad de tipo XPath puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, causada por el manejo inapropiado de una entrada suministrada por el usuario. Mediante el env\u00edo de una entrada especialmente dise\u00f1ada, un atacante remoto podr\u00eda explotar esta vulnerabilidad para conseguir acceso no autorizado o revelar informaci\u00f3n confidencial, como la estructura y el contenido de un documento XML. 
IBM X-Force ID: 189152" } ], "id": "CVE-2020-4774", "lastModified": "2024-11-21T05:33:14.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:12.760", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189152" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346595" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346595" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-91" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-31 18:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22000833 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/97244 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22000833 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97244 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp6:*:*:*:*:*:*", "matchCriteriaId": "E1BC058F-27F6-4C3E-ACC7-85FBB22055DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DF05C11-3541-4B88-ACAE-8C383EA383C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", 
"matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0 y 7.0 son vulnerables a una denegaci\u00f3n de servicio, causada por un error de XML Entity Injection XXE al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente sensible o consumir todos los recursos de memoria disponibles. IBM Reference #: 2000833." 
} ], "id": "CVE-2016-6111", "lastModified": "2024-11-21T02:55:28.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-31T18:59:00.280", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22000833" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22000833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97244" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-07 19:29
Modified
2024-11-21 04:03
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Curam Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10883184 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10883184 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | * | |
ibm | curam_social_program_management | 7.0.5.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "994F1139-08C1-4E54-A680-955C1AC7B8E5", "versionEndIncluding": "6.1.1.6", "versionStartIncluding": "6.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F8F6BB2-FE27-4A7C-8AA4-53BEC6AEC54E", "versionEndIncluding": "6.2.0.6", "versionStartIncluding": "6.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "43349272-CEB2-4326-8C90-8E738A459F03", "versionEndIncluding": "7.0.4.0", "versionStartIncluding": "7.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0745A868-C2E1-4BCD-A99A-B3692E2F1148", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891." }, { "lang": "es", "value": "IBM Cram Social Program Management, versiones 6.1.1, 6.2.0, 7.0.4 y 7.0.5, es vulnerable a ataques CSRF, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. IBM X-Force ID: 154891." 
} ], "id": "CVE-2018-2001", "lastModified": "2024-11-21T04:03:34.597", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-07T19:29:00.347", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 19:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/215306 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6570589 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/215306 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6570589 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.11.0 | |
ibm | curam_social_program_management | 8.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A7441C1-F528-4C69-976A-7109EB87BC3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7613A179-35F1-4943-8D0C-0BD34AA2592E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306." }, { "lang": "es", "value": "IBM Curam Social Program Management versiones 8.0.1 y 7.0.11, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario de la Web, alterando as\u00ed la funcionalidad prevista y conllevando potencialmente a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. 
IBM X-Force ID: 215306" } ], "id": "CVE-2021-39068", "lastModified": "2024-11-21T06:18:32.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T19:15:08.353", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215306" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6570589" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6570589" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-18 16:55
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 5.2 | |
ibm | curam_social_program_management | 5.2 | |
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.3.0 | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8540059F-8E22-4684-B161-B3EC5996286E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en IBM Curam Social Program Management 5.2 SP1 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de par\u00e1metros no especificados en custom JSPs." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"", "id": "CVE-2014-3012", "lastModified": "2024-11-21T02:07:19.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-18T16:55:07.687", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59257" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-11 16:29
Modified
2024-11-21 04:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/106189 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/152529 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10739035 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106189 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/152529 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10739035 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9EE56D4-227E-4B16-9633-EC0F595E8437", "versionEndIncluding": "6.0.5.10", "versionStartIncluding": "6.0.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "994F1139-08C1-4E54-A680-955C1AC7B8E5", "versionEndIncluding": "6.1.1.6", "versionStartIncluding": "6.1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F8F6BB2-FE27-4A7C-8AA4-53BEC6AEC54E", "versionEndIncluding": "6.2.0.6", "versionStartIncluding": "6.2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "396EE8D1-90C5-46C5-BBF0-07CA5B7FCA0A", "versionEndIncluding": "7.0.1.0", "versionStartIncluding": "7.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9570E74-507D-40C2-B081-AE42E15FB9D8", "versionEndIncluding": "7.0.4.0", "versionStartIncluding": "7.0.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.3 es vulnerable a ataques Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. 
Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 152529." } ], "id": "CVE-2018-1900", "lastModified": "2024-11-21T04:00:33.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "psirt@us.ibm.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-11T16:29:02.200", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106189" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/152529" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739035" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
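Severity: 6.5 MEDIUM (CVSS 3.1, NVD primary: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N); CVSS 2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)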
Summary
IBM Curam Social Program Management 7.0.9 and 7.0.10 may be affected by a cross-site request forgery (CSRF) vulnerability, an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact on the remainder of the web application. IBM X-Force ID: 189151.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189151 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6344097 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189151 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6344097 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, que es un ataque que forza a un usuario a ejecutar acciones no deseadas en la aplicaci\u00f3n web mientras est\u00e1 actualmente autenticado. Esto se aplica a una \u00fanica clase de servidor, sin impacto en el resto de la aplicaci\u00f3n web. 
IBM X-Force ID: 189151" } ], "id": "CVE-2020-4773", "lastModified": "2024-11-21T05:33:13.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:12.697", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189151" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6344097" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6344097" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2024-11-21 02:32
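Severity: 5.4 MEDIUM (CVSS 3.0, NVD primary: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N); CVSS 2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)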
Summary
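SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Note: the CPE list on this record also marks 6.0 through 6.0.5 as vulnerable, a wider range than the description states; confirm the affected releases against the vendor advisory before scoping or closing out remediation.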
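References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21967851 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21967851 | Vendor Advisory |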
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.1 | |
ibm | curam_social_program_management | 6.0.2 | |
ibm | curam_social_program_management | 6.0.3 | |
ibm | curam_social_program_management | 6.0.4 | |
ibm | curam_social_program_management | 6.0.5 | |
ibm | curam_social_program_management | 6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BD4AC7D3-4D89-4249-BA63-2BDB26BA9DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "140530EF-9ABC-4205-86B3-D08F12AF492C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2844EFB8-2092-42FD-A7A9-0FBA69693DA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD70D1FB-46F5-4759-8C11-F02463A4E883", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6240369-0699-49A9-9CE7-6BF2098BF909", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Curam Social Program Management 6.1 en versiones anteriores a 6.1.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2015-5023", "lastModified": "2024-11-21T02:32:11.857", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-03T05:59:04.913", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 16:29
Modified
2024-11-21 02:10
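Severity: 5.3 MEDIUM (CVSS 3.0, NVD primary: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N); CVSS 2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)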
Summary
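Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. Note: the product table below stops at 6.0.5.4 and shows 6.0 without the SP2 qualifier that the CPE entry carries, so version matching against the table alone can miss a 6.0.5.5 installation that lacks iFix5; check the interim-fix level against the vendor advisory.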
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21698548 | Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/73943 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21698548 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/73943 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0 | |
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 | |
ibm | curam_social_program_management | 6.0.5.0 | |
ibm | curam_social_program_management | 6.0.5.1 | |
ibm | curam_social_program_management | 6.0.5.2 | |
ibm | curam_social_program_management | 6.0.5.3 | |
ibm | curam_social_program_management | 6.0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5C54B484-6735-460B-B8CD-CEC0A95E9E8F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL." }, { "lang": "es", "value": "Curam Universal Access en IBM Curam Social Program Management (SPM), versiones 6.0 SP2 anteriores a la EP26, 6.0.4 anteriores a la 6.0.4.6 y 6.0.5 anteriores a la 6.0.5.5 iFix5 permite a atacantes remotos obtener informaci\u00f3n sensible acerca de los nombres de los usuarios internos a trav\u00e9s de vectores relacionados con la URL." } ], "id": "CVE-2014-4843", "lastModified": "2024-11-21T02:10:58.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 
1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T16:29:00.183", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/73943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/73943" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-358" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-23 21:55
Modified
2024-11-21 02:13
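Severity: 3.5 LOW (CVSS 2.0, NVD primary: AV:N/AC:M/Au:S/C:N/I:P/A:N); no CVSS 3.x score is present in this record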
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0.4.0 | |
ibm | curam_social_program_management | 6.0.4.1 | |
ibm | curam_social_program_management | 6.0.4.2 | |
ibm | curam_social_program_management | 6.0.4.3 | |
ibm | curam_social_program_management | 6.0.4.4 | |
ibm | curam_social_program_management | 6.0.4.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Curam Social Program Management (SPM) 6.0.4 anterior a 6.0.4.5 iFix7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." 
} ], "id": "CVE-2014-6091", "lastModified": "2024-11-21T02:13:45.653", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-23T21:55:04.990", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684930" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95869" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-11 17:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012372 | Patch, Vendor Advisory | |
psirt@us.ibm.com | http://www.securityfocus.com/bid/102498 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/134922 | VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012372 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102498 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/134922 | VDB Entry |
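Impacted products (ranges condensed from the individual CPE entries in the record below)
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.0.5, 6.0.5.0–6.0.5.10 | |
ibm | curam_social_program_management | 6.1.0.0–6.1.0.5, 6.1.1.0–6.1.1.6 | |
ibm | curam_social_program_management | 6.2.0.0–6.2.0.6 | |
ibm | curam_social_program_management | 7.0.0.0–7.0.0.2, 7.0.1.0–7.0.1.1 | |
ibm | curam_social_program_management | 7.0.2.0 |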
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CB6F37-6F14-4313-82D8-7D1EF110852D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DA2470C8-C82E-4722-8106-DB95DB67683F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5887540-4EBE-484E-9C5B-3EFA0950BE30", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FADA344-C7FE-413D-9DE6-1C6B265EB326", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "EE932954-D562-4677-BE01-76EA26E98367", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CB504DC-E137-4026-BB16-E862045BD380", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAB6406A-F797-45AB-82A9-B47D00B6C56E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "577FC56E-AFBE-4D13-B89B-A3CD757C75B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C0DF071-1EB8-49FD-A279-A895A45B4679", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A288D3A5-C1C0-4BD2-99D6-306B88CB0A4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CE7A96F-78F9-4922-B614-C0467D8DF7CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9455D90F-9E44-4D64-9470-E80A5C06CE3E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A60216A-2DDA-4F91-B127-B8071BEBD040", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.2 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 134922." 
} ], "id": "CVE-2017-1740", "lastModified": "2024-11-21T03:22:17.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-11T17:29:00.337", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012372" }, { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102498" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/134922" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-10 14:29
Modified
2024-11-21 04:00
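Severity: 6.1 MEDIUM (CVSS 3.0: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS 2.0: 4.3 MEDIUM (NVD primary: AV:N/AC:M/Au:N/C:N/I:P/A:N)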
Summary
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which, when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 144951.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.securityfocus.com/bid/106202 | Third Party Advisory, VDB Entry | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144951 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10739019 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106202 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144951 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10739019 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "112D3D1E-6DC4-4233-932F-9E5CD3A1F33A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-force ID: 144951." }, { "lang": "es", "value": "IBM Curam Social Program Management 7.0.3 es vulnerable a una inyecci\u00f3n HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, al ser visualizado, se ejecutar\u00eda en el navegador web de la v\u00edctima en el contexto de seguridad del sitio que aloja. IBM X-Force ID: 144951." } ], "id": "CVE-2018-1671", "lastModified": "2024-11-21T04:00:10.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, 
"impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-10T14:29:01.713", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106202" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-04 14:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM Curam Social Program Management 7.0.9 and 7.0.11 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6395108 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6395108 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A7441C1-F528-4C69-976A-7109EB87BC3F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942." }, { "lang": "es", "value": "IBM Curam Social Program Management versiones 7.0.9 y 7.0.11, es vulnerable a un ataque de tipo cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web conf\u00eda.\u0026#xa0;IBM X-Force ID: 191942." 
} ], "id": "CVE-2020-4942", "lastModified": "2024-11-21T05:33:27.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-04T14:15:14.330", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6395108" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6395108" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-02 05:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 6.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6240369-0699-49A9-9CE7-6BF2098BF909", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Curam Social Program Management 6.1 en versiones anteriores a 6.1.1.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2015-7402", "lastModified": "2024-11-21T02:36:43.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-02T05:59:05.783", "references": [ { "source": "psirt@us.ibm.com", "tags": [ 
"Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970661" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-26 18:29
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21977425 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/107106 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21977425 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/107106 | VDB Entry, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | * (from 6.1.0.0 inclusive, before 6.1.1.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD6A378-3F2B-40DE-8723-C507F4586338", "versionEndExcluding": "6.1.1.1", "versionStartIncluding": "6.1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106." }, { "lang": "es", "value": "Las versiones 6.1.x de IBM Curam Social Program Management anteriores a la 6.1.1.1 permiten que usuarios autenticados remotos omitan restricciones de acceso previstas y obtengan informaci\u00f3n de documentos de car\u00e1cter sensible adivinando el identificador del documento. IBM X-Force ID: 107106." } ], "id": "CVE-2015-7401", "lastModified": "2024-11-21T02:36:43.683", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 
2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-26T18:29:00.550", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977425" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-29 21:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22007160 | Patch, Vendor Advisory | |
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/123670 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22007160 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/123670 | VDB Entry, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "32D0CA3E-2649-4B4B-A805-81213FC07A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "510DC15C-03F8-4058-A88A-13EFC48A43C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "4971ADE2-3F58-4B42-9EC6-EFF3CF967E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DE01821C-590F-40E1-A973-5DF0EA0151D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7A5F30D0-82C1-4F88-9FDB-A8E6D6D39591", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "23EA1C1F-003F-4411-AC1D-F75811D6FFEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E89D44FA-FE58-4A4E-8DB1-BA9667A16612", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FCFA0-2443-4AE9-ACE6-394A67443808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "6D4A5540-525C-4F99-BA26-3B988B5A08D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C061E-A4F5-4478-A9E4-D8BA156085B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "12A2D187-7B5D-44D1-A766-A972F257EF54", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"AC1991AF-E483-4A6E-938B-D1B6796FF135", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6695193E-0347-4E20-A991-038CC3BA6386", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B972B5E-6825-4DD5-8BB6-851DFFBB5109", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3C202FC-EA69-429B-85C6-F58A093C901F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "71CB6F37-6F14-4313-82D8-7D1EF110852D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "89A3A8B1-8088-4FCC-A38C-96526201F159", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F666549A-5879-4141-A97F-347B52755092", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "808EF0E6-842C-4E81-8743-01230D32532C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7020B7F8-0C57-4533-B49F-559058A23CAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5887540-4EBE-484E-9C5B-3EFA0950BE30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E303C07-8CB1-4EF8-82F3-4C2B3C664812", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2923B5C1-78A5-4A0D-B18E-DAC59B62EBA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58610A13-D6F7-49BA-A576-350DACC5C86F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FAA53735-7E72-4717-9168-38286B5261E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1CB504DC-E137-4026-BB16-E862045BD380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "180CE3A7-BA57-49B4-8103-20E12CD37435", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C0DF071-1EB8-49FD-A279-A895A45B4679", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670." }, { "lang": "es", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, y 7.0 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. 
Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 123670." } ], "id": "CVE-2017-1195", "lastModified": "2024-11-21T03:21:28.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-29T21:29:00.527", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007160" }, { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 13:15
Modified
2024-11-21 05:33
Severity ?
Summary
The out-of-the-box (OOTB) build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties: a browser sends a cookie marked secure only over HTTPS connections. IBM X-Force ID: 189158.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/189158 | VDB Entry, Vendor Advisory | |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6346581 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/189158 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6346581 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | curam_social_program_management | 7.0.9.0 | |
ibm | curam_social_program_management | 7.0.10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBE7A637-E0E7-46D7-AF55-CCD7C6541F8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4A712C-A95E-4A49-AD9B-16BF6C1A6E5C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the \u0027secure\u0027 attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158." }, { "lang": "es", "value": "Los scripts de compilaci\u00f3n de OOTB no establecen el atributo seguro en la cookie de sesi\u00f3n, lo que puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0,10. El prop\u00f3sito del atributo \"secure\" es impedir que las cookies sean observadas por partes no autorizadas. 
IBM X-Force ID: 189158" } ], "id": "CVE-2020-4780", "lastModified": "2024-11-21T05:33:14.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T13:15:13.213", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189158" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346581" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/6346581" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2022-22317
Vulnerability from cvelistv5
Published
2022-06-20 16:25
Modified
2024-09-16 19:20
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 8.0.0 and 8.0.1 do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6596049 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
IBM | Curam Social Program Management | 8.0.0, 8.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6596049" }, { "name": "ibm-curam-cve202222317-session-fixation (218281)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218281" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0" }, { "status": "affected", "version": "8.0.1" } ] } ], "datePublic": "2022-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/AC:L/UI:N/S:U/I:L/A:L/AV:L/PR:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-20T16:25:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6596049" }, { "name": "ibm-curam-cve202222317-session-fixation (218281)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218281" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-17T00:00:00", "ID": "CVE-2022-22317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "8.0.0" }, { "version_value": "8.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "L", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6596049", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6596049 (Curam Social Program Management)", "url": "https://www.ibm.com/support/pages/node/6596049" }, { "name": "ibm-curam-cve202222317-session-fixation (218281)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218281" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22317", "datePublished": "2022-06-20T16:25:14.820349Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T19:20:48.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4843
Vulnerability from cvelistv5
Published
2017-06-08 16:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/73943 | vdb-entry, x_refsource_BID |
http://www-01.ibm.com/support/docview.wss?uid=swg21698548 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "73943", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73943" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-08T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "73943", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73943" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 
6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "73943", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73943" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698548" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4843", "datePublished": "2017-06-08T16:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6091
Vulnerability from cvelistv5
Published
2014-09-23 21:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/95869 | vdb-entry, x_refsource_XF |
http://www-01.ibm.com/support/docview.wss?uid=swg21684930 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-curam-cve20146091-xss(95869)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95869" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684930" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-curam-cve20146091-xss(95869)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95869" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684930" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 
before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-curam-cve20146091-xss(95869)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95869" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684930", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684930" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6091", "datePublished": "2014-09-23T21:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4942
Vulnerability from cvelistv5
Published
2021-01-04 14:00
Modified
2024-09-16 21:56
Severity
6.5 (MEDIUM), CVSS 3.0 base score from the CNA metrics in the JSON record below
EPSS score ?
Summary
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6395108 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6395108" }, { "name": "ibm-curam-cve20204942-csrf (191942)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.11" } ] } ], "datePublic": "2020-12-31T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AV:N/AC:L/UI:R/PR:N/I:H/C:N/S:U/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-04T14:00:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6395108" }, { "name": "ibm-curam-cve20204942-csrf (191942)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-12-31T00:00:00", "ID": "CVE-2020-4942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.11" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "H", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6395108", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6395108 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6395108" }, { "name": "ibm-curam-cve20204942-csrf (191942)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191942" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4942", "datePublished": "2021-01-04T14:00:39.581422Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T21:56:52.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4781
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-17 03:37
Severity
6.5 (MEDIUM), CVSS 3.0 base score from the CNA metrics in the JSON record below
EPSS score ?
Summary
An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6346585 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.002Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346585" }, { "name": "ibm-curam-cve20204781-dos (189159)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/AV:N/PR:L/C:N/UI:N/S:U/AC:L/I:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346585" }, { "name": "ibm-curam-cve20204781-dos (189159)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/189159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346585", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346585 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346585" }, { "name": "ibm-curam-cve20204781-dos (189159)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189159" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4781", "datePublished": "2020-10-12T13:05:39.850417Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:37:25.301Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8923
Vulnerability from cvelistv5
Published
2017-04-20 21:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=swg22001774 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/97989 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Curam Social Program Management | 6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:35:02.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001774" }, { "name": "97989", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97989" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } ], "datePublic": "2017-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001774" }, { "name": "97989", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97989" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-8923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22001774", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22001774" }, { "name": "97989", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97989" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-8923", "datePublished": "2017-04-20T21:00:00", "dateReserved": "2016-10-25T00:00:00", "dateUpdated": "2024-08-06T02:35:02.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6090
Vulnerability from cvelistv5
Published
2015-04-27 01:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
URL | Tags |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21697726 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-27T01:57:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program 
Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697726", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697726" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6090", "datePublished": "2015-04-27T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4773
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 22:29
Severity
6.5 (MEDIUM), CVSS 3.0 base score from the CNA metrics in the JSON record below
EPSS score ?
Summary
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6344097 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189151 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6344097" }, { "name": "ibm-curam-cve20204773-csrf (189151)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189151" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:N/S:U/UI:R/AC:L/I:H/A:N/AV:N/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6344097" }, { "name": "ibm-curam-cve20204773-csrf (189151)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189151" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4773", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "H", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6344097", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6344097 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6344097" }, { "name": "ibm-curam-cve20204773-csrf (189151)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189151" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4773", "datePublished": "2020-10-12T13:05:36.650119Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T22:29:43.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1362
Vulnerability from cvelistv5
Published
2018-01-19 14:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=swg22012528 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/137380 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Cram Social Program Management (sic, as spelled in the CNA record; the summary names the product "Curam") | 6.0.5, 6.1.1, 6.2.0, 7.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:38.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012528" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2018-01-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-19T13:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012528" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-12T00:00:00", "ID": "CVE-2018-1362", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.5" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012528", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012528" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1362", "datePublished": "2018-01-19T14:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:30:47.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4804
Vulnerability from cvelistv5
Published
2015-02-14 02:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/95306 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21695931 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-curam-cve20144804-info-disc(95306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-curam-cve20144804-info-disc(95306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-curam-cve20144804-info-disc(95306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95306" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695931" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4804", "datePublished": "2015-02-14T02:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7401
Vulnerability from cvelistv5
Published
2018-03-26 18:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21977425 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/107106 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977425" }, { "name": "ibm-curam-cve20157401-info-disc(107106)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-26T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977425" }, { "name": "ibm-curam-cve20157401-info-disc(107106)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.1.x before 6.1.1.1 
allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21977425", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977425" }, { "name": "ibm-curam-cve20157401-info-disc(107106)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/107106" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7401", "datePublished": "2018-03-26T18:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1654
Vulnerability from cvelistv5
Published
2018-12-11 16:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/144747 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/106187 | vdb-entry, x_refsource_BID | |
https://www.ibm.com/support/docview.wss?uid=ibm10739027 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 6.0.5 Version: 6.1.1 Version: 6.2.0 Version: 7.0.1 Version: 7.0.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-curam-cve20181654-open-redirect(144747)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747" }, { "name": "106187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106187" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.3" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.9, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-13T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-curam-cve20181654-open-redirect(144747)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747" }, { "name": "106187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106187" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739027" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-06T00:00:00", "ID": "CVE-2018-1654", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "6.0.5" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open 
redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "H", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-curam-cve20181654-open-redirect(144747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747" }, { "name": "106187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106187" }, { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10739027", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739027" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1654", "datePublished": "2018-12-11T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T21:57:16.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-2001
Vulnerability from cvelistv5
Published
2019-05-07 18:35
Modified
2024-09-17 03:58
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10883184 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 7.0.5 Version: 7.0.4 Version: 6.2.0 Version: 6.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184" }, { "name": "ibm-curam-cve20182001-csrf (154891)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "7.0.4" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.1.1" } ] } ], "datePublic": "2019-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/UI:R/S:U/PR:N/C:N/I:L/AV:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-07T18:35:20", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184" }, { "name": "ibm-curam-cve20182001-csrf (154891)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-05-03T00:00:00", "ID": "CVE-2018-2001", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "7.0.5" }, { "version_value": "7.0.4" }, { "version_value": "6.2.0" }, { "version_value": "6.1.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "N", "I": "L", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10883184", "refsource": "CONFIRM", "title": "IBM Security Bulletin 883184 (Cram Social Program Management)", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184" }, { "name": "ibm-curam-cve20182001-csrf (154891)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-2001", "datePublished": "2019-05-07T18:35:20.747030Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T03:58:51.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3012
Vulnerability from cvelistv5
Published
2014-06-18 16:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/59257 | third-party-advisory, x_refsource_SECUNIA | |
http://www-01.ibm.com/support/docview.wss?uid=swg21675454 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/93010 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59257" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" }, { "name": "ibm-curam-cve20143012-crlf-injection(93010)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "59257", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59257" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" }, { "name": "ibm-curam-cve20143012-crlf-injection(93010)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3012", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59257" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454" }, { "name": "ibm-curam-cve20143012-crlf-injection(93010)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3012", "datePublished": "2014-06-18T16:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1106
Vulnerability from cvelistv5
Published
2017-06-28 18:00
Modified
2024-09-16 18:07
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99306 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=swg22004580 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/120744 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 6.0.4 Version: 6.0.5 Version: 6.0 Version: 5.2 Version: 6.1.0 Version: 6.1.1 Version: 6.2.0 Version: 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99306", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004580" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "5.2" }, { "status": "affected", "version": "6.1.0" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.0" } ] } ], "datePublic": "2017-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-29T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "99306", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22004580" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-06-26T00:00:00", "ID": "CVE-2017-1106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0" }, { "version_value": "5.2" }, { "version_value": "6.1.0" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "99306", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99306" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22004580", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22004580" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1106", "datePublished": "2017-06-28T18:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T18:07:51.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3013
Vulnerability from cvelistv5
Published
2014-06-18 16:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21675415 | x_refsource_CONFIRM | |
http://secunia.com/advisories/59259 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/93011 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.385Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" }, { "name": "59259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59259" }, { "name": "ibm-curan-cve20143013-xss(93011)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" }, { "name": "59259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59259" }, { "name": "ibm-curan-cve20143013-xss(93011)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3013", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675415" }, { "name": "59259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59259" }, { "name": "ibm-curan-cve20143013-xss(93011)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93011" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3013", "datePublished": "2014-06-18T16:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1739
Vulnerability from cvelistv5
Published
2018-01-11 17:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102492 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=swg22012366 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/134921 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cram Social Program Management |
Version: 6.0.5 Version: 6.1.1 Version: 6.2.0 Version: 7.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102492", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102492" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012366" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.1" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "102492", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102492" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012366" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2017-1739", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.5" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "102492", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102492" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012366", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012366" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1739", "datePublished": "2018-01-11T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-17T03:13:43.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6191
Vulnerability from cvelistv5
Published
2017-09-19 15:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/73946 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg21698430 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "73946", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73946" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698430" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-19T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "73946", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73946" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698430" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors. IBM X-Force ID: 98568." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "73946", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73946" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698430", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698430" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6191", "datePublished": "2017-09-19T15:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6092
Vulnerability from cvelistv5
Published
2015-04-27 01:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21697742 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:03:02.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-27T01:57:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for 
standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697742" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6092", "datePublished": "2015-04-27T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.337Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1900
Vulnerability from cvelistv5
Published
2018-12-11 16:00
Modified
2024-09-17 01:01
Severity ?
EPSS score ?
Summary
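IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. (Note: the affected-version list in this record gives 7.0.4 where this summary says 7.0.3; confirm the exact affected releases against the IBM advisory listed in the references.)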
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10739035 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/106189 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/152529 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 6.0.5 Version: 6.1.1 Version: 6.2.0 Version: 7.0.1 Version: 7.0.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739035" }, { "name": "106189", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106189" }, { "name": "ibm-curam-cve20181900-xss(152529)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.4" } ] } ], "datePublic": "2018-12-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-13T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739035" }, { "name": "106189", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106189" }, { "name": "ibm-curam-cve20181900-xss(152529)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-12-06T00:00:00", "ID": "CVE-2018-1900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "6.0.5" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.4" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10739035", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739035" }, { "name": "106189", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106189" }, { "name": "ibm-curam-cve20181900-xss(152529)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152529" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1900", "datePublished": "2018-12-11T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T01:01:09.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1740
Vulnerability from cvelistv5
Published
2018-01-11 17:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.
References
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22012372 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/134922 | x_refsource_MISC | |
http://www.securityfocus.com/bid/102498 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cram Social Program Management |
Version: 6.0.5 Version: 6.1.1 Version: 6.2.0 Version: 7.0.1 Version: 7.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012372" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922" }, { "name": "102498", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102498" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22012372" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922" }, { "name": "102498", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102498" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2017-1740", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.5" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.1" }, { "version_value": "7.0.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22012372", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22012372" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922" }, { "name": "102498", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102498" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1740", "datePublished": "2018-01-11T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T19:47:27.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5023
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21967851 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-03T04:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5023", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967851" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5023", "datePublished": "2016-01-03T02:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4778
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-17 03:54
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346575 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189156 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346575" }, { "name": "ibm-curam-cve20204778-info-disc (189156)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the C\u00c3\u00baram application. IBM X-Force ID: 189156." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/AC:H/UI:N/S:U/C:H/PR:N/AV:N/A:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:38", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346575" }, { "name": "ibm-curam-cve20204778-info-disc (189156)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the C\u00c3\u00baram application. IBM X-Force ID: 189156." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346575", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346575 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346575" }, { "name": "ibm-curam-cve20204778-info-disc (189156)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189156" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4778", "datePublished": "2020-10-12T13:05:38.522339Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:54:20.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4779
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
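An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. (Note: the X-Force reference listed for this record is entry 189157; 189156 is the ID cited in the CVE-2020-4778 summary on this page, so the ID in this description appears to be inconsistent with the record's own references.)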
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346579 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189157 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346579" }, { "name": "ibm-curam-cve20204779-sec-bypass (189157)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/A:N/PR:L/S:U/UI:N/C:H/I:H/AC:L/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass Security", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:38", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346579" }, { "name": "ibm-curam-cve20204779-sec-bypass (189157)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "H", "I": "H", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Bypass Security" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346579", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346579 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346579" }, { "name": "ibm-curam-cve20204779-sec-bypass (189157)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189157" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4779", "datePublished": "2020-10-12T13:05:38.969844Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:12:01.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6192
Vulnerability from cvelistv5
Published
2015-05-25 14:00
Modified
2024-08-06 12:10
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21700252 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:12.765Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-05-25T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6192", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700252" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6192", "datePublished": "2015-05-25T14:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:10:12.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9979
Vulnerability from cvelistv5
Published
2017-04-20 21:00
Modified
2024-08-06 03:07
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97993 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=swg22001780 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97993", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97993" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001780" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } ], "datePublic": "2017-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "97993", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97993" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001780" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-9979", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "97993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97993" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22001780", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22001780" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9979", "datePublished": "2017-04-20T21:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9978
Vulnerability from cvelistv5
Published
2017-04-20 21:00
Modified
2024-08-06 03:07
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.
References
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22001782 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/97990 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.385Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001782" }, { "name": "97990", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97990" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } ], "datePublic": "2017-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254." } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001782" }, { "name": "97990", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97990" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-9978", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22001782", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22001782" }, { "name": "97990", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97990" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9978", "datePublished": "2017-04-20T21:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1195
Vulnerability from cvelistv5
Published
2017-08-29 21:00
Modified
2024-09-16 16:52
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.
References
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22007160 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/123670 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 6.0.4 Version: 6.0.5 Version: 6.1.0 Version: 6.1.1 Version: 6.2.0 Version: 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007160" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.0" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.0" } ] } ], "datePublic": "2017-08-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-29T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007160" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-23T00:00:00", "ID": "CVE-2017-1195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.1.0" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007160", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007160" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1195", "datePublished": "2017-08-29T21:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T16:52:56.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0261
Vulnerability from cvelistv5
Published
2018-03-12 21:00
Modified
2024-08-05 22:15
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/110604 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21981103 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:23.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-curam-cve20160261-xss(110604)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981103" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-12T20:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-curam-cve20160261-xss(110604)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981103" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0261", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-curam-cve20160261-xss(110604)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110604" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981103", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981103" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0261", "datePublished": "2018-03-12T21:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:23.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4803
Vulnerability from cvelistv5
Published
2015-02-13 02:00
Modified
2024-08-06 11:27
Summary
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/95305 | vdb-entry, x_refsource_XF | |
http://www-01.ibm.com/support/docview.wss?uid=swg21695925 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:27:36.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-curam-cve20144803-crlf(95305)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-05T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-curam-cve20144803-crlf(95305)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-curam-cve20144803-crlf(95305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95305" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695925" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4803", "datePublished": "2015-02-13T02:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.772Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4775
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-17 03:03
Summary
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346571 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189153 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346571" }, { "name": "ibm-curam-cve20204775-xss (189153)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user\u0027s device, restricted to a single location. IBM X-Force ID: 189153." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/UI:R/S:C/C:L/I:L/AC:L/AV:N/A:N/PR:L/E:H/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:37", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346571" }, { "name": "ibm-curam-cve20204775-xss (189153)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189153" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user\u0027s device, restricted to a single location. IBM X-Force ID: 189153." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346571", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346571 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346571" }, { "name": "ibm-curam-cve20204775-xss (189153)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189153" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4775", "datePublished": "2020-10-12T13:05:37.530211Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T03:03:21.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22318
Vulnerability from cvelistv5
Published
2022-06-20 16:25
Modified
2024-09-16 22:25
Summary
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6596049 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Curam Social Program Management |
Version: 8.0.0 Version: 8.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:50.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6596049" }, { "name": "ibm-curam-cve202222318-session-fixation (218283)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218283" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "8.0.0" }, { "status": "affected", "version": "8.0.1" } ] } ], "datePublic": "2022-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AV:L/A:L/I:L/S:U/AC:L/UI:N/C:L/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-20T16:25:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6596049" }, { "name": "ibm-curam-cve202222318-session-fixation (218283)", "tags": [ "vdb-entry", "x_refsource_XF" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218283" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-17T00:00:00", "ID": "CVE-2022-22318", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "8.0.0" }, { "version_value": "8.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system." } ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "L", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6596049", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6596049 (Curam Social Program Management)", "url": "https://www.ibm.com/support/pages/node/6596049" }, { "name": "ibm-curam-cve202222318-session-fixation (218283)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218283" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22318", "datePublished": "2022-06-20T16:25:16.509209Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T22:25:40.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4774
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346595 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189152 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346595" }, { "name": "ibm-curam-cve20204774-info-disc (189152)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189152" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:L/UI:N/S:U/AC:L/I:L/A:N/AV:N/PR:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:37", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346595" }, { "name": "ibm-curam-cve20204774-info-disc (189152)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189152" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4774", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346595", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346595 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346595" }, { "name": "ibm-curam-cve20204774-info-disc (189152)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189152" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4774", "datePublished": "2020-10-12T13:05:37.095122Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:14:08.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9732
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-09-16 16:53
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/119761 | x_refsource_MISC | |
http://www.ibm.com/support/docview.wss?uid=swg22007156 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cram Social Program Management |
Version: 6.0.4 Version: 6.0.5 Version: 6.1.0 Version: 6.1.1 Version: 6.2.0 Version: 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:59:03.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.0" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.0" } ] } ], "datePublic": "2017-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-14T00:00:00", "ID": "CVE-2016-9732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.1.0" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007156", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007156" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9732", "datePublished": "2017-08-28T20:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T16:53:10.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3096
Vulnerability from cvelistv5
Published
2015-01-10 02:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21692994 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/94264 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:56.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994" }, { "name": "ibm-curam-cve20143096-xss(94264)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94264" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994" }, { "name": "ibm-curam-cve20143096-xss(94264)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94264" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote 
authenticated users to inject arbitrary web script or HTML via a crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692994" }, { "name": "ibm-curam-cve20143096-xss(94264)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94264" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3096", "datePublished": "2015-01-10T02:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:56.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-1110
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-09-16 21:08
Severity ?
EPSS score ?
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
References
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg22007161 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/120915 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | IBM | Cram Social Program Management |
Version: 6.0.4 Version: 6.0.5 Version: 6.1.0 Version: 6.1.1 Version: 6.2.0 Version: 7.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:25:17.179Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007161" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.1.0" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.0" } ] } ], "datePublic": "2017-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22007161" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2017-08-14T00:00:00", "ID": "CVE-2017-1110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.1.0" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22007161", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22007161" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2017-1110", "datePublished": "2017-08-28T20:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T21:08:05.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4780
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-17 00:11
Severity ?
EPSS score ?
Summary
OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346581 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189158 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346581" }, { "name": "ibm-curam-cve20204780-info-disc (189158)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the \u0027secure\u0027 attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/PR:N/AV:N/A:N/I:N/AC:L/S:U/UI:R/C:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346581" }, { "name": "ibm-curam-cve20204780-info-disc (189158)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the \u0027secure\u0027 attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "R" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346581", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346581 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346581" }, { "name": "ibm-curam-cve20204780-info-disc (189158)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189158" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4780", "datePublished": "2020-10-12T13:05:39.409351Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-17T00:11:25.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4772
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 189150.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6344069 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189150 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6344069" }, { "name": "ibm-curam-cve20204772-xxe (189150)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189150" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/I:N/C:H/S:U/UI:N/PR:L/A:L/AV:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:36", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6344069" }, { "name": "ibm-curam-cve20204772-xxe (189150)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189150" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "L", "AC": "L", "AV": "N", "C": "H", "I": "N", "PR": "L", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Access" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6344069", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6344069 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6344069" }, { "name": "ibm-curam-cve20204772-xxe (189150)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189150" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4772", "datePublished": "2020-10-12T13:05:36.161604Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T16:58:38.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-7402
Vulnerability from cvelistv5
Published
2016-01-02 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21970661 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:27.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970661" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-02T04:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970661" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-7402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970661", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970661" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7402", "datePublished": "2016-01-02T02:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4776
Vulnerability from cvelistv5
Published
2020-10-12 13:05
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted file path in a URL request to view arbitrary files on the system. IBM X-Force ID: 189154.
References
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6346573 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189154 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6346573" }, { "name": "ibm-curam-cve20204776-path-traversal (189154)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189154" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam SPM", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.9" }, { "status": "affected", "version": "7.0.10" } ] } ], "datePublic": "2020-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/A:N/PR:N/S:U/UI:N/C:L/I:N/AC:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T13:05:37", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6346573" }, { "name": "ibm-curam-cve20204776-path-traversal (189154)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189154" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-10-08T00:00:00", "ID": "CVE-2020-4776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam SPM", "version": { "version_data": [ { "version_value": "7.0.9" }, { "version_value": "7.0.10" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6346573", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6346573 (Curam SPM)", "url": "https://www.ibm.com/support/pages/node/6346573" }, { "name": "ibm-curam-cve20204776-path-traversal (189154)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189154" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4776", "datePublished": "2020-10-12T13:05:37.983125Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T23:00:33.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3069
Vulnerability from cvelistv5
Published
2014-08-12 00:00
Modified
2024-08-06 10:35
Summary
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.
References
URL | Tags |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21681213 | x_refsource_CONFIRM |
http://secunia.com/advisories/59688 | third-party-advisory, x_refsource_SECUNIA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/94839 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:55.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" }, { "name": "59688", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59688" }, { "name": "ibm-curam-cve20143069-csrf(94839)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" }, { "name": "59688", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59688" }, { "name": "ibm-curam-cve20143069-csrf(94839)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3069", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681213" }, { "name": "59688", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59688" }, { "name": "ibm-curam-cve20143069-csrf(94839)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94839" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3069", "datePublished": "2014-08-12T00:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:55.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39068
Vulnerability from cvelistv5
Published
2022-04-11 18:17
Modified
2024-09-17 01:26
Summary
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.
References
URL | Tags |
---|---|
https://www.ibm.com/support/pages/node/6570589 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/215306 | vdb-entry, x_refsource_XF |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Curam Social Program Management | 7.0.11, 8.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6570589" }, { "name": "ibm-curam-cve202139068-xss (215306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215306" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.0.11" }, { "status": "affected", "version": "8.0.1" } ] } ], "datePublic": "2022-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/C:L/S:C/UI:R/A:N/PR:L/I:L/AV:N/AC:L/RL:O/RC:C/E:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T18:17:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6570589" }, { "name": "ibm-curam-cve202139068-xss (215306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215306" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-04-08T00:00:00", "ID": "CVE-2021-39068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "7.0.11" }, { "version_value": "8.0.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306." 
} ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "C", "UI": "R" }, "TM": { "E": "H", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6570589", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6570589 (Curam Social Program Management)", "url": "https://www.ibm.com/support/pages/node/6570589" }, { "name": "ibm-curam-cve202139068-xss (215306)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215306" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-39068", "datePublished": "2022-04-11T18:17:12.131519Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T01:26:59.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8903
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-06 13:33
Summary
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/73947 | vdb-entry, x_refsource_BID |
http://www-01.ibm.com/support/docview.wss?uid=swg21700098 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:12.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "73947", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-02T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "73947", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "73947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73947" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700098" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8903", "datePublished": "2017-08-02T19:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9980
Vulnerability from cvelistv5
Published
2017-04-20 21:00
Modified
2024-08-06 03:07
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/98005 | vdb-entry, x_refsource_BID |
http://www.ibm.com/support/docview.wss?uid=swg22001779 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Curam Social Program Management | 6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98005", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98005" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001779" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Curam Social Program Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } ], "datePublic": "2017-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-26T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "98005", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98005" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22001779" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-9980", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Curam Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "98005", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98005" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg22001779", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22001779" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-9980", "datePublished": "2017-04-20T21:00:00", "dateReserved": "2016-12-16T00:00:00", "dateUpdated": "2024-08-06T03:07:31.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6111
Vulnerability from cvelistv5
Published
2017-03-31 18:00
Modified
2024-08-06 01:22
Summary
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.
References
URL | Tags |
---|---|
http://www.ibm.com/support/docview.wss?uid=swg22000833 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/97244 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM Corporation | Cram Social Program Management [sic; the record's product field misspells "Curam", so product-name searches for "Curam" can miss this entry] | 6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.742Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22000833" }, { "name": "97244", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97244" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cram Social Program Management", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "5.2" }, { "status": "affected", "version": "4.5" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "5.2.6" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.1.0" }, { "status": "affected", "version": "6.1.1" }, { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "7.0.0" } ] } ], "datePublic": "2017-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-03T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg22000833" }, { "name": "97244", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97244" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-6111", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cram Social Program Management", "version": { "version_data": [ { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0" }, { "version_value": "5.2" }, { "version_value": "4.5" }, { "version_value": "6.0.3" }, { "version_value": "6.1" }, { "version_value": "5.2.6" }, { "version_value": "6.0.1" }, { "version_value": "6.1.0" }, { "version_value": "6.1.1" }, { "version_value": "6.2.0" }, { "version_value": "7.0.0" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg22000833", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg22000833" }, { "name": "97244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97244" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-6111", "datePublished": "2017-03-31T18:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:22:20.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1671
Vulnerability from cvelistv5
Published
2018-12-10 14:00
Modified
2024-08-05 04:07
Summary
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951.
References
URL | Tags |
---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10739019 | x_refsource_CONFIRM |
https://exchange.xforce.ibmcloud.com/vulnerabilities/144951 | vdb-entry, x_refsource_XF |
http://www.securityfocus.com/bid/106202 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019" }, { "name": "ibm-curam-cve20181671-html-injection(144951)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" }, { "name": "106202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106202" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-force ID: 144951." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-14T10:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019" }, { "name": "ibm-curam-cve20181671-html-injection(144951)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" }, { "name": "106202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106202" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2018-1671", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site. IBM X-force ID: 144951." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/docview.wss?uid=ibm10739019", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/docview.wss?uid=ibm10739019" }, { "name": "ibm-curam-cve20181671-html-injection(144951)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144951" }, { "name": "106202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106202" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1671", "datePublished": "2018-12-10T14:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-08-05T04:07:44.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }