Lucene search
K

95 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 1:52 p.m.42 views

Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)

Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...

9.8CVSS1.7AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 1:36 p.m.24 views

Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in JDOM (CVE-2021-33813)

Summary IBM Cúram Social Program Management uses the JDOM library, for which there is a publicly known vulnerability. For this vulnerability JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploi...

7.5CVSS0.8AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 1:36 p.m.30 views

Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)

Summary IBM Cúram Social Program Management uses the jackson-databind libraries, for which there is a publicly known vulnerability. FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...

0.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/09 11:57 a.m.54 views

Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...

9.8CVSS2.3AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/08 11:25 a.m.37 views

Security Bulletin: A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management(CVE-2021-39068)

Summary A cross-site scripting XSS vulnerability may impact IBM Cúram Social Program Management. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. Vulnerabili...

5.4CVSS0.6AI score0.00495EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/08 11:12 a.m.14 views

Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in Google Gson (217225)

Summary IBM Cúram Social Program Management uses the Google Gson libraries, for which there is a publicly known vulnerability. For this vulnerability Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker cou...

1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 5:0 p.m.31 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION...

7.5CVSS3.5AI score0.81147EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 10:51 a.m.58 views

Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44832 , CVE-2021-45105)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44832...

10CVSS2.6AI score0.99999EPSS
Exploits357Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 10:56 p.m.109 views

Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44228 , CVE-2021-45046)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44228...

10CVSS1.3AI score0.99999EPSS
Exploits353Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/29 1:23 p.m.57 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...

9.8CVSS9.3AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:45 p.m.36 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender...

4.3CVSS6.3AI score0.08096EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:6 p.m.37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

9.8CVSS0.8AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:33 p.m.80 views

Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...

7.5CVSS0.2AI score0.10448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:13 p.m.48 views

Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)

Summary IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. Vulnerability Details CVEID: CVE-2021-37714 DESCRIPTION: jsoup i...

7.5CVSS7.3AI score0.06873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/03 1:47 p.m.45 views

Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425)

Summary IBM Cúram Social Program Management uses the Apache Commons libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Commons IO, when invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus...

5.8CVSS1.6AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/03 10:52 a.m.28 views

Security Bulletin: Vulnerability in Dojo may affect Cúram Social Program Management (CVE-2020-5258)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. For this vulnerability Dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing...

7.7CVSS1.3AI score0.0399EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/08 5:36 p.m.37 views

Security Bulletin: Vulnerability in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2020-25649)

Summary IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there is a publicly known vulnerability. For this vulnerability FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. Vulnerability...

7.5CVSS1.3AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/31 1:6 p.m.18 views

Security Bulletin: A cross-site request forgery (CSRF) vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management (CVE-2020-4942)

Summary A cross-site request forgery CSRF vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. Vulnerability Details CVEID:...

8.8CVSS1.5AI score0.00525EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/10/13 12:0 a.m.2 views

IBM Cúram Social Program Management Denial of Service Vulnerability (CNVD-2020-59031)

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A denial of service vulnerability exists in IBM Cúram Social Program Management versions 7.0.9.0 and 7.0.10.0. The...

6.5CVSS6.6AI score0.01395EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/11 12:0 a.m.2 views

IBM Cúram Social Program Management Access Control Error Vulnerability

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management XPath, which arises from errors such as...

5.5CVSS6.8AI score0.00832EPSS
Exploits0References1
Rows per page
Query Builder