CVE-2014-4804

2015-02-1402:59:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

curam

social program management

security vulnerability

cve-2014-4804

nvd

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.

Affected configurations

NVD

Node

ibmcuram_social_program_managementRange≤5.2sp6

ibmcuram_social_program_managementMatch6.0sp2

ibmcuram_social_program_managementMatch6.0.4.5

ibmcuram_social_program_managementMatch6.0.5.4

ibmcuram_social_program_managementMatch6.0.5.5

CPENameOperatorVersion
ibm:curam_social_program_managementibm curam social program managementle5.2
ibm:curam_social_program_managementibm curam social program managementeq6.0
ibm:curam_social_program_managementibm curam social program managementeq6.0.4.5
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.4
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.5

CPE	Name	Operator	Version
ibm:curam_social_program_management	ibm curam social program management	le	5.2
ibm:curam_social_program_management	ibm curam social program management	eq	6.0
ibm:curam_social_program_management	ibm curam social program management	eq	6.0.4.5
ibm:curam_social_program_management	ibm curam social program management	eq	6.0.5.4
ibm:curam_social_program_management	ibm curam social program management	eq	6.0.5.5