95 matches found
Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)
Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in JDOM (CVE-2021-33813)
Summary IBM Cúram Social Program Management uses the JDOM library, for which there is a publicly known vulnerability. For this vulnerability JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploi...
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)
Summary IBM Cúram Social Program Management uses the jackson-databind libraries, for which there is a publicly known vulnerability. FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...
Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...
Security Bulletin: A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management(CVE-2021-39068)
Summary A cross-site scripting XSS vulnerability may impact IBM Cúram Social Program Management. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. Vulnerabili...
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in Google Gson (217225)
Summary IBM Cúram Social Program Management uses the Google Gson libraries, for which there is a publicly known vulnerability. For this vulnerability Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker cou...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION...
Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44832 , CVE-2021-45105)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44832...
Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44228 , CVE-2021-45046)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)
Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...
Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)
Summary IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. Vulnerability Details CVEID: CVE-2021-37714 DESCRIPTION: jsoup i...
Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425)
Summary IBM Cúram Social Program Management uses the Apache Commons libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Commons IO, when invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus...
Security Bulletin: Vulnerability in Dojo may affect Cúram Social Program Management (CVE-2020-5258)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. For this vulnerability Dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing...
Security Bulletin: Vulnerability in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2020-25649)
Summary IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there is a publicly known vulnerability. For this vulnerability FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. Vulnerability...
Security Bulletin: A cross-site request forgery (CSRF) vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management (CVE-2020-4942)
Summary A cross-site request forgery CSRF vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. Vulnerability Details CVEID:...
IBM Cúram Social Program Management Denial of Service Vulnerability (CNVD-2020-59031)
IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A denial of service vulnerability exists in IBM Cúram Social Program Management versions 7.0.9.0 and 7.0.10.0. The...
IBM Cúram Social Program Management Access Control Error Vulnerability
IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management XPath, which arises from errors such as...