5.9 Medium
CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium
CVSS2
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

IBM Cúram Social Program Management uses the Google Guava library indirectly through Google Guice. In versions of Google Guava library before version 24.1.1, an unbounded memory allocation vulnerability enables remote attackers to conduct denial of service attacks against servers that depend on the library, and to deserialize attacker-provided data.
CVEID: CVE-2018-10237
DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArray and CompoundOrdering classes. By sending specially crafted data, a remote attacker could exploit the vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142508> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM Cúram Social Program Management 7.0.5.0 - 7.0.6.0
IBM Cúram Social Program Management 7.0.0.0 - 7.0.4.2
Note: The Google Guava library was not present in version 6.1.x and earlier versions, so these versions are not vulnerable.
Product | VRMF | Remediation/First Fix |
---|---|---|
Cúram SPM | 7.0.7 | Visit IBM Fix Central and upgrade to 7.0.7 or a subsequent 7.0.7 release. |
Cúram SPM | 7.0.4 | Visit IBM Fix Central and upgrade to 7.0.4.3 or a subsequent 7.0.4 release. |
For information about all other versions, contact IBM Cúram Social Program Management customer support.
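Because Guava arrives indirectly through Guice, one way to confirm which Guava version a deployment actually bundles is to walk the application archive, including nested archives, and compare each Guava jar against 24.1.1. The following is an added example, not IBM's tooling: it assumes Guava keeps its standard file name (`guava-<version>[-jre|-android].jar`), so renamed or shaded copies are not detected, and the archive names and contents in `sample_ear()` are constructed.

```python
import io
import re
import zipfile

FIXED = (24, 1, 1)  # first fixed Guava release named in the bulletin
JAR_RE = re.compile(r"(?:^|/)guava-(\d+(?:\.\d+)*)(?:-(?:jre|android))?\.jar$")
ARCHIVE_EXT = (".ear", ".war", ".jar", ".zip")

def guava_version(name):
    """Return the version tuple encoded in a guava-*.jar file name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad 20.0 -> (20, 0, 0)

def scan_archive(data, path=""):
    """Walk an archive given as bytes, descending into nested archives.
    Returns a list of (path, version_tuple, is_vulnerable)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            full = f"{path}!/{info.filename}" if path else info.filename
            ver = guava_version(info.filename)
            if ver is not None:
                findings.append((full, ver, ver < FIXED))
            elif info.filename.lower().endswith(ARCHIVE_EXT):
                try:
                    findings += scan_archive(zf.read(info), full)
                except zipfile.BadZipFile:
                    pass  # not a readable archive; skip it
    return findings

def _zip(entries):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def sample_ear():
    """Constructed EAR: a nested WAR with an old Guava, plus a fixed Guava."""
    war = _zip({"WEB-INF/lib/guava-20.0.jar": b"", "WEB-INF/lib/guice-4.0.jar": b""})
    return _zip({"app.war": war, "lib/guava-24.1.1-jre.jar": b""})

if __name__ == "__main__":
    for path, ver, vuln in scan_archive(sample_ear(), "sample.ear"):
        print(path, ".".join(map(str, ver)), "VULNERABLE" if vuln else "ok")
```

To scan a real deployment, pass the bytes of the EAR or WAR file and its name to `scan_archive`.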
CPE
Name | Operator | Version |
---|---|---|
cúram social program management | eq | 7.0.6 |
cúram social program management | eq | 7.0.4 |