Skip to main content

Curam Social Program Management

39 CVEs product

Monthly

CVE-2022-22318 CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-22317 CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2020-4781 MEDIUM This Month

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service IBM Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-4780 MEDIUM This Month

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-4779 HIGH This Week

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-4778 HIGH This Week

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-4776 HIGH This Week

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Curam Social Program Management
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-4775 MEDIUM This Month

A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4774 MEDIUM This Month

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4773 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Curam Social Program Management
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-4772 HIGH This Week

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Denial Of Service IBM XXE Curam Social Program Management
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2018-1900 MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1654 MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Curam Social Program Management
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1671 MEDIUM PATCH This Month

IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-1362 MEDIUM This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
5.0
EPSS
0.6%
CVE-2014-6191 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-1195 MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect IBM Curam Social Program Management
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-1110 MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-9732 MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-8903 HIGH This Week

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Command Injection Curam Social Program Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-1106 MEDIUM This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2014-4843 MEDIUM This Month

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9980 MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9979 MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9978 MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-8923 MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-6111 CRITICAL PATCH Act Now

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Curam Social Program Management
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2015-5023 MEDIUM This Month

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2015-7402 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-6192 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6092 MEDIUM PATCH This Month

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Curam Social Program Management
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-6090 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF Curam Social Program Management
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-4804 MEDIUM PATCH This Month

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4803 LOW Monitor

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-3096 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6091 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3069 LOW PATCH Monitor

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Code Injection Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3013 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3012 LOW Monitor

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Curam Social Program Management
NVD
CVSS 2.0
3.5
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service IBM +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
EPSS 1% CVSS 8.1
HIGH This Week

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Curam Social Program Management
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Curam Social Program Management
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Curam Social Program Management
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Denial Of Service IBM +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Curam Social Program Management
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Curam Social Program Management
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect IBM Curam Social Program Management
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
EPSS 1% CVSS 8.8
HIGH This Week

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Command Injection +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Curam Social Program Management
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Curam Social Program Management
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SQLi Curam Social Program Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Curam Social Program Management
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM XSS CSRF +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW Monitor

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Code Injection Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Curam Social Program Management
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Code Injection Curam Social Program Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy