CVE-2014-6090

2015-04-2711:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-6090

csrf

cross-site request forgery

ibm

curam social program management

security

vulnerabilities

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

NVD

Node

ibmcuram_social_program_managementMatch5.2sp6

ibmcuram_social_program_managementMatch6.0sp2

ibmcuram_social_program_managementMatch6.0.3.0

ibmcuram_social_program_managementMatch6.0.4.0

ibmcuram_social_program_managementMatch6.0.5.0

CPENameOperatorVersion
ibm:curam_social_program_managementibm curam social program managementeq5.2
ibm:curam_social_program_managementibm curam social program managementeq6.0
ibm:curam_social_program_managementibm curam social program managementeq6.0.3.0
ibm:curam_social_program_managementibm curam social program managementeq6.0.4.0
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.0

CPE	Name	Operator	Version
ibm:curam_social_program_management	ibm curam social program management	eq	5.2
ibm:curam_social_program_management	ibm curam social program management	eq	6.0
ibm:curam_social_program_management	ibm curam social program management	eq	6.0.3.0
ibm:curam_social_program_management	ibm curam social program management	eq	6.0.4.0
ibm:curam_social_program_management	ibm curam social program management	eq	6.0.5.0