7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there is a publicly known vulnerability. For this vulnerability FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly.
CVEID:CVE-2020-25649
**DESCRIPTION:**FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks to have impact over data integrity.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192648 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
Curam SPM | 7.0.10 - 7.0.11 |
Curam SPM | 7.0.5 - 7.0.9 |
Product | VRMF | Remediation/First Fix |
---|---|---|
Cúram SPM |
7.0.11
| Visit IBM Fix Central and upgrade to 7.0.11_iFix2 or a subsequent 7.0.11 release.
Cúram SPM|
7.0.9
| Visit IBM Fix Central and upgrade to 7.0.9.0_iFix7 or a subsequent 7.0.4 release.
For information about all other versions, contact IBM Cúram Social Program Management customer support.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N