
Security Bulletin: IBM Cúram Social Program Management is vulnerable to Java reflection attack (CVE-2014-8903).

2018-06-17 13:05:36
www.ibm.com

EPSS: 0.002 (percentile 58.9%)

Summary

IBM Cúram Social Program Management is vulnerable to a Java reflection attack caused by external input that is used to specify a class. A remote attacker could exploit this vulnerability by injecting arbitrary class names, which are subsequently loaded.
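The flaw class described above, as an added example that is not code from IBM or Cúram (the bulletin does not publish the affected code): a class name taken directly from input, next to an allow-list lookup that never passes input to the class loader. `ReportRenderer`, its two implementations, `loadUnsafe`, `loadSafe` and the sample inputs are hypothetical names constructed for this illustration.

```java
import java.util.Map;
import java.util.function.Supplier;

public class ReflectionAllowList {
    // Hypothetical plug-in interface and implementations (assumptions for this example).
    interface ReportRenderer { String render(String data); }
    static class PdfRenderer implements ReportRenderer {
        public String render(String data) { return "PDF:" + data; }
    }
    static class CsvRenderer implements ReportRenderer {
        public String render(String data) { return "CSV:" + data; }
    }

    // Weak pattern: the caller-supplied string selects the class. Class.forName
    // loads and initializes whatever the name resolves to on the classpath, and
    // the constructor runs, before the cast to ReportRenderer is checked.
    static ReportRenderer loadUnsafe(String className) throws ReflectiveOperationException {
        Class<?> c = Class.forName(className);
        return (ReportRenderer) c.getDeclaredConstructor().newInstance();
    }

    // Hardened pattern: input is only a lookup key into a fixed map of
    // constructors chosen at build time; no input reaches the class loader.
    private static final Map<String, Supplier<ReportRenderer>> RENDERERS = Map.of(
        "pdf", PdfRenderer::new,
        "csv", CsvRenderer::new);

    static ReportRenderer loadSafe(String key) {
        // Map.of rejects null keys with an exception, so test for null first.
        Supplier<ReportRenderer> factory = (key == null) ? null : RENDERERS.get(key);
        if (factory == null) {
            throw new IllegalArgumentException("unknown renderer key");
        }
        return factory.get();
    }

    public static void main(String[] args) {
        System.out.println(loadSafe("csv").render("a,b"));
        try {
            loadSafe("com.example.NotARenderer"); // constructed sample input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```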

Vulnerability Details

CVE-2014-8903
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99186 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Affected Products and Versions

IBM Cúram Social Program Management: V6.0 SP2, 6.0.4 and 6.0.5.
**NOTE:** 6.0.5.5a is not affected

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
Cúram SPM | 6.0.5 | Visit IBM Fix Central and upgrade to 6.0.5.6 or a subsequent 6.0.5 release.
Cúram SPM | 6.0.4 | Visit IBM Fix Central and upgrade to 6.0.4.5iFix10 or a subsequent 6.0.4 release.
Cúram SPM | 6.0 SP2 | Visit IBM Fix Central and upgrade to 6.0 SP2 EP26 or a subsequent 6.0 SP2 release.
