Security Bulletin: A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management (CVE-2021-39068)
Summary A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. Vulnerabili...
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in Google Gson (217225)
Summary IBM Cúram Social Program Management uses the Google Gson libraries, for which there is a publicly known vulnerability. For this vulnerability Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker cou...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)
Summary IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. Vulnerability Details CVEID: CVE-2021-37714 DESCRIPTION: jsoup i...
IBM Cúram Social Program Management Path Traversal Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management that stems from the failure of a networked system...
IBM Cúram Social Program Management Encryption Issue Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management that stems from hashing a token with the MD5...
IBM Cúram Social Program Management Cross-Site Scripting Vulnerability (CNVD-2020-59038)
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that stems from an OOTB build script...
Security Bulletin: OOTB build scripts do not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management (CVE-2020-4780)
Summary OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Cúram Social Program Management. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorised parties. Vulnerability Details CVEID: CVE-2020-4780 DESCRIPTION: OOT...
Security Bulletin: An HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4779)
Summary An HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. Vulnerability Details CVEID: CVE-2020-4779 DESCRIPTION: A HTTP Verb Tampering...
Security Bulletin: An XML External Entity Injection (XXE) vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4772)
Summary An XML External Entity Injection (XXE) vulnerability may impact IBM Cúram Social Program Management. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in Apache Commons Beanutils library affects IBM Cúram Social Program Management (CVE-2019-10086)
Summary IBM Cúram Social Program Management uses the Apache Commons Beanutils library, for which there is a publicly known vulnerability. The vulnerability could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean...
Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-17531, CVE-2019-17267, CVE-2019-16942, CVE-2019-16335, CVE-2019-14540)
Summary IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there are five publicly known vulnerabilities. All of the vulnerabilities, which are caused by various polymorphic typing issues, could enable a remote attacker to obtain sensitive information. Vulnerabili...
Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001)
Summary A recent product security scanning exercise identified that a cross-site request forgery vulnerability exists within REST in IBM Cúram Social Program Management. The issue relates to the checking of the HTTP referrer header for GET requests on the server side, which should be checked in a...
IBM Cúram Social Program Management Open Redirect Vulnerability (CNVD-2018-26900)
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. An open redirection vulnerability exists in IBM Cúram SPM. A remote attacker could exploit this vulnerability by trickin...
Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)
Summary IBM Cúram Social Program Management uses the Apache Batik Library. In Apache Batik library prior to version 1.10, the class type has not been checked during the deserialization process of the subclass of AbstractDocument. A fix has been put in place to check the class type before...
Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671)
Summary An HTML injection vulnerability was detected in the IBM Social Program Management Design System component of the IBM Cúram Social Program Management product. It was discovered that input data for some tags was not sanitized in a secure way. Vulnerability Details CVEID: CVE-2018-1671...
Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure (CVE-2014-4804)
Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...
Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by getting a victim to browse to the stored information, whereupon their browser will execute the script...
Security Bulletin: Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)
Summary IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user's submitted applications from the system and possibly obtain privileges. Vulnerability Details CVEID: CVE-2018-1362...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031)
Summary IBM Cúram Social Program Management uses the Apache Commons FileUpload Library. Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileIte...