Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3A33487817B757CF9E089EE8307798439A20C8722D17201E148AE95F023820B5
HistoryJun 17, 2018 - 1:07 p.m.

Security Bulletin: Fix available for Sensitive Data Exposure Vulnerability in IBM Cúram Social Program Management (CVE-2016-9978)

2018-06-1713:07:40
www.ibm.com
6

0.001 Low

EPSS

Percentile

19.0%

JSON

Summary

IBM Cúram Social Program Management is vulnerable to an already authenticated user bypassing the Security Sensitivity controls via a specially crafted URL. This allows an attacker to view information for certain business objects tagged with higher sensitivity than their current sensitivity setting.

Vulnerability Details

CVEID: CVE-2016-9978**
DESCRIPTION:** IBM Cúram Social Program Management could allow an authenticated attacker to disclose sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Cúram Social Program Management 7.0.0.0 - 7.0.0.0
IBM Cúram Social Program Management 6.2.0.0 - 6.2.0.3
IBM Cúram Social Program Management 6.1.1.0 - 6.1.1.3
IBM Cúram Social Program Management 6.1.0.0 - 6.1.0.3
IBM Cúram Social Program Management 6.0.5.0 - 6.0.5.9
IBM Cúram Social Program Management 6.0.4.0 - 6.0.4.8
IBM Cúram Social Program Management 6.0.0.0 - 6.0.0 SP2
IBM Cúram Social Program Management 5.2.0.0 - 5.2.0 SP6

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Cúram Social Program Management| 7.0.0| Visit IBM Fix Central and upgrade to 7.0.0.1 or a subsequent 7.0 release
IBM Cúram Social Program Management| 6.2.0| Visit IBM Fix Central and upgrade to 6.2.0.4 or a subsequent 6.2 release
IBM Cúram Social Program Management| 6.1.1| Visit IBM Fix Central and upgrade to 6.1.1.4 or a subsequent 6.1.1 release
IBM Cúram Social Program Management| 6.1.0| Visit IBM Fix Central and upgrade to 6.1.0.4 or a subsequent 6.1 release
IBM Cúram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to 6.0.5.10 or a subsequent 6.0.5 release
IBM Cúram Social Program Management| 6.0.4| Visit IBM Fix Central and upgrade to 6.0.4.9 or a subsequent 6.0.4 release
IBM Cúram Social Program Management| 6.0 SP2| Visit IBM Fix Central and upgrade to 6.0 SP2 EP30 or a subsequent 6.0 release
IBM Cúram Social Program Management| 5.2 SP6| Customers using 5.2 SP6 should upgrade to a newer version

Related

prion 1
cvelist 1
nvd 1
cve 1
prion
prion
Code injection
2017-04-20 21:59:00
cvelist
cvelist
CVE-2016-9978
2017-04-20 21:00:00
nvd
nvd
CVE-2016-9978
2017-04-20 21:59:01
cve
cve
CVE-2016-9978
2017-04-20 21:59:01

0.001 Low

EPSS

Percentile

19.0%

JSON
Related for 3A33487817B757CF9E089EE8307798439A20C8722D17201E148AE95F023820B5
prion1cvelist1nvd1cve1