Jun 17, 2018 - 1:09 p.m.

Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106)

www.ibm.com

EPSS: 0.001 (Percentile: 31.9%)

Summary

SWF files that are shipped with the IBM Cúram Social Program Management product are compiled with a vulnerable version of the Adobe Flex SDK.

Vulnerability Details

CVEID: CVE-2017-1106
DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120744 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Cúram Social Program Management 7.0.0.0 - 7.0.0.1
IBM Cúram Social Program Management 6.2.0.0 - 6.2.0.4
IBM Cúram Social Program Management 6.1.1.0 - 6.1.1.4
IBM Cúram Social Program Management 6.1.0.0 - 6.1.0.4
IBM Cúram Social Program Management 6.0.5.0 - 6.0.5.10
IBM Cúram Social Program Management 6.0.4.0 - 6.0.4.9
IBM Cúram Social Program Management 6.0.0.0 - 6.0.0 SP2
IBM Cúram Social Program Management 5.2.0.0 - 5.2.0 SP6

Remediation/Fixes

Product| VRMF| Remediation/First Fix
—|—|—
IBM Cúram Social Program Management| 7.0.0| Follow the workaround instructions below
IBM Cúram Social Program Management| 6.2.0| Follow the workaround instructions below
IBM Cúram Social Program Management| 6.1.1| Follow the workaround instructions below
IBM Cúram Social Program Management| 6.1.0| Follow the workaround instructions below
IBM Cúram Social Program Management| 6.0.5| Follow the workaround instructions below
IBM Cúram Social Program Management| 6.0.4| Follow the workaround instructions below
IBM Cúram Social Program Management| 6.0 SP2| Follow the workaround instructions below
IBM Cúram Social Program Management| 5.2 SP6| Follow the workaround instructions below

Workarounds and Mitigations

All SWF files in the IBM Cúram Social Program Management product are compiled with a vulnerable version of the Adobe Flex SDK, as detailed in the Adobe Security Bulletin, located here.

As a result, all SWF files should be checked and, where necessary, patched as per “Action I: Repair your applications” in the Solutions section of the Adobe security fix instructions, located here.
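One way to build the list of SWF files that the workaround asks you to check, as an added example (not code from IBM or Adobe): it walks a deployment directory, looks inside nested archives, and identifies SWF content by its signature bytes rather than by file name. The archive extensions and the deployment path are assumptions; the script only inventories files and records hashes so patched copies can be confirmed later, and it does not decide whether a given SWF is vulnerable.

```python
import hashlib, io, struct, zipfile
from pathlib import Path

# SWF signature bytes -> body compression (FWS plain, CWS zlib, ZWS LZMA).
SWF_MAGIC = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
# Assumption: SWFs may sit inside Java/zip archives with these extensions.
ARCHIVE_EXT = {".ear", ".war", ".jar", ".zip"}

def swf_info(data):
    """Return header facts for SWF bytes, or None if data is not a SWF."""
    if len(data) < 8 or data[:3] not in SWF_MAGIC:
        return None
    # Byte 3 is the SWF version; bytes 4-7 are the little-endian file length.
    version, length = struct.unpack("<BI", data[3:8])
    return {"compression": SWF_MAGIC[data[:3]], "swf_version": version,
            "declared_length": length,
            "sha256": hashlib.sha256(data).hexdigest()}

def scan_bytes(name, data, found):
    """Record a SWF by content, or recurse into a nested archive."""
    info = swf_info(data)
    if info:
        found.append({"path": name, **info})
    elif (Path(name).suffix.lower() in ARCHIVE_EXT
          and zipfile.is_zipfile(io.BytesIO(data))):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if not member.is_dir():
                    scan_bytes(f"{name}!/{member.filename}",
                               zf.read(member), found)

def inventory(root):
    """List every SWF under root, including those packed in archives."""
    found = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        with p.open("rb") as fh:
            head = fh.read(3)
        if head in SWF_MAGIC or p.suffix.lower() in ARCHIVE_EXT:
            scan_bytes(str(p), p.read_bytes(), found)
    return found

if __name__ == "__main__":
    import sys
    # Hypothetical usage: python swf_inventory.py /path/to/deployment
    for item in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(item["sha256"], f"v{item['swf_version']}",
              item["compression"], item["path"], sep="  ")
```

Running the inventory again after patching and comparing the SHA-256 values shows which files were actually replaced.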

For an alternative remediation option, visit Passport Advantage to upgrade to version 7.0.1.0.
