Lucene search

K
cve[email protected]CVE-2014-6090
HistoryApr 27, 2015 - 11:59 a.m.

CVE-2014-6090

2015-04-2711:59:00
CWE-352
web.nvd.nist.gov
14
cve-2014-6090
csrf
cross-site request forgery
ibm
curam social program management
security
vulnerabilities

6.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

62.0%

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

NVD
Node
ibmcuram_social_program_managementMatch5.2sp6
OR
ibmcuram_social_program_managementMatch6.0sp2
OR
ibmcuram_social_program_managementMatch6.0.3.0
OR
ibmcuram_social_program_managementMatch6.0.4.0
OR
ibmcuram_social_program_managementMatch6.0.5.0

6.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

62.0%

Related for CVE-2014-6090