7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM Cúram Social Program Management uses the Apache Taglibs Library. Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data.
CVEID: CVE-2015-0254**
DESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101550 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM Cúram Social Program Management 7.0.0.0 - 7.0.1.0
IBM Cúram Social Program Management 6.2.0.0 - 6.2.0.5
IBM Cúram Social Program Management 6.1.0.0 - 6.1.1.5
IBM Cúram Social Program Management 6.0.5.0 - 6.0.5.10
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Cúram Social Program Management| 7.0| Visit IBM Fix Central and upgrade to 7.0.1.1 or a subsequent 7.0.1 release
IBM Cúram Social Program Management| 6.2| Visit IBM Fix Central and upgrade to 6.2.0.6 or a subsequent 6.2.0 release
IBM Cúram Social Program Management| 6.1| Visit IBM Fix Central and upgrade to 6.1.1.6 or a subsequent 6.1.1 release
IBM Cúram Social Program Management| 6.0.5| Visit IBM Fix Central and upgrade to 6.0.5.10 iFix2 or a subsequent 6.0.5 release
For information on all other versions please contact Cúram Customer Support.