History: Jun 17, 2018 - 1:05 p.m.

Security Bulletin: IBM Cúram Universal Access exposes caseworker usernames under specific circumstances (CVE-2014-4843)

2018-06-17 13:05:36
www.ibm.com

EPSS: 0.001 (Percentile: 44.5%)

Summary

IBM Universal Access contains a page where internal caseworker usernames are exposed as part of a URL. This information could be used in subsequent attacks against that particular user, e.g. to cause account lockout.

Vulnerability Details

CVE-2014-4843

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95723 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM Cúram Social Program Management (SPM) V6.0 SP2
Cúram SPM 6.0.4
Cúram SPM 6.0.5
NOTE: 6.0.5.5a is not affected

Remediation/Fixes

Product | VRMF | Remediation/First Fix
Cúram SPM | 6.0.5 | Visit IBM Fix Central and upgrade to 6.0.5.5 iFix5 or a subsequent 6.0.5 release.
Cúram SPM | 6.0.4 | Visit IBM Fix Central and upgrade to 6.0.4.6 or a subsequent 6.0.4 release.
Cúram SPM | 6.0 SP2 | Visit IBM Fix Central and upgrade to 6.0 SP2 EP26 or a subsequent 6.0 SP2 release.
