History: Jun 17, 2018 - 1:09 p.m.

Security Bulletin: Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)

2018-06-17 13:09:54
www.ibm.com
5

EPSS: 0.001 Low, Percentile: 30.9%

Summary

IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user’s submitted applications from the system and possibly obtain privileges.
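The flaw class described above, shown as an added example that is not IBM's or Cúram's code: a constructed in-memory service where the insecure withdraw action trusts the client-supplied application ID, beside a corrected version that checks ownership against the authenticated session user. All names (`ApplicationService`, `withdraw`, `NotFound`) and the sample records are hypothetical.

```python
from dataclasses import dataclass

class NotFound(Exception):
    """Raised for unknown IDs and for IDs the caller does not own."""

@dataclass
class Application:
    app_id: int
    owner: str
    status: str = "SUBMITTED"

class ApplicationService:
    def __init__(self, apps):
        self._apps = {a.app_id: a for a in apps}

    def withdraw_insecure(self, session_user, app_id):
        # IDOR: the client-supplied ID is trusted; session_user is never consulted.
        app = self._apps.get(app_id)
        if app is None:
            raise NotFound(app_id)
        app.status = "WITHDRAWN"
        return app

    def withdraw(self, session_user, app_id):
        # Object-level check: the record must belong to the authenticated user.
        app = self._apps.get(app_id)
        if app is None or app.owner != session_user:
            # Same error for "missing" and "not yours" so IDs cannot be probed.
            raise NotFound(app_id)
        if app.status != "SUBMITTED":
            raise ValueError("only submitted applications can be withdrawn")
        app.status = "WITHDRAWN"
        return app

def demo():
    # Constructed sample data: two users, one submitted application each.
    def fresh():
        return ApplicationService([Application(101, "alice"), Application(102, "bob")])
    results = {"insecure_cross_user": fresh().withdraw_insecure("bob", 101).status}
    svc = fresh()
    try:
        svc.withdraw("bob", 101)
        results["secure_cross_user"] = "WITHDRAWN"
    except NotFound:
        results["secure_cross_user"] = "DENIED"
    results["secure_owner"] = svc.withdraw("alice", 101).status
    return results

if __name__ == "__main__":
    print(demo())
```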

Vulnerability Details

CVEID: CVE-2018-1362
DESCRIPTION: IBM Cúram Social Program Management within Citizen Portal could allow an authenticated user to withdraw another user’s submitted applications from the system and possibly obtain privileges.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137380 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Cúram Social Program Management 7.0.0.0 - 7.0.1.1
IBM Cúram Social Program Management 6.2.0.0 - 6.2.0.6
IBM Cúram Social Program Management 6.1.0.0 - 6.1.1.6
IBM Cúram Social Program Management 6.0.5.0 - 6.0.5.10

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
IBM Cúram Social Program Management| 7.0| Visit IBM Fix Central and upgrade to 7.0.1.1_iFix3 or a subsequent 7.0.1 release
IBM Cúram Social Program Management| 6.2| Visit IBM Fix Central and upgrade to 6.2.0.6_iFix1 or a subsequent 6.2.0 release
IBM Cúram Social Program Management| 6.1| Visit IBM Fix Central and upgrade to 6.1.1.6_iFix1 or a subsequent 6.1.1 release
IBM Cúram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to 6.0.5.10 iFix3 or a subsequent 6.0.5 release

Workarounds and Mitigations

For information on all other versions please contact Cúram Customer Support.
