6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
IBM Cúram Social Program Management is vulnerable to a privilege escalation vulnerability in the product.
CVEID: CVE-2017-1110**
DESCRIPTION:** IBM Cúram Social Program Management contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Cúram Social Program Management 7.0.0.0 - 7.0.0.1
IBM Cúram Social Program Management 6.2.0.0 - 6.2.0.4
IBM Cúram Social Program Management 6.1.1.0 - 6.1.1.4
IBM Cúram Social Program Management 6.1.0.0 - 6.1.0.4
IBM Cúram Social Program Management 6.0.5.0 - 6.0.5.10
IBM Cúram Social Program Management 6.0.4.0 - 6.0.4.9
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Cúram Social Program Management| 7.0.0| Visit IBM Fix Central and upgrade to 7.0.0.2 or a subsequent 7.0 release
IBM Cúram Social Program Management| 6.2.0| Visit IBM Fix Central and upgrade to 6.2.0.5 or a subsequent 6.2.0 release
IBM Cúram Social Program Management| 6.1.1| Visit IBM Fix Central and upgrade to 6.1.1.5 or a subsequent 6.1.1 release
IBM Cúram Social Program Management| 6.1.0| Visit IBM Fix Central and upgrade to 6.1.0.5 or a subsequent 6.1.0 release
IBM Cúram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to 6.0.5.10 iFix1 or a subsequent 6.0.5 release
IBM Cúram Social Program Management| 6.0.4| Visit IBM Fix Central and upgrade to 6.0.4.9 iFix1 or a subsequent 6.0.4 release
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N