
32 matches found

IBM Security Bulletins
added 2022/04/08 11:25 a.m. | 37 views

Security Bulletin: A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management (CVE-2021-39068)

Summary A cross-site scripting XSS vulnerability may impact IBM Cúram Social Program Management. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. Vulnerabili...

CVSS 5.4 | AI score 0.6 | EPSS 0.00495
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/04/08 11:12 a.m. | 14 views

Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in Google Gson (217225)

Summary IBM Cúram Social Program Management uses the Google Gson libraries, for which there is a publicly known vulnerability. For this vulnerability Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker cou...

AI score 1
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2021/11/25 5:6 p.m. | 37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

CVSS 9.8 | AI score 0.8 | EPSS 0.02611
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2021/11/25 4:13 p.m. | 48 views

Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)

Summary IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. Vulnerability Details CVEID: CVE-2021-37714 DESCRIPTION: jsoup i...

CVSS 7.5 | AI score 7.3 | EPSS 0.06873
Exploits 0 | Affected Software 1
CNVD
added 2020/10/11 12:0 a.m. | 2 views

IBM Cúram Social Program Management Path Traversal Vulnerability

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management that stems from the failure of a networked system...

CVSS 7.5 | AI score 6.8 | EPSS 0.01978
Exploits 0 | References 1
CNVD
added 2020/10/11 12:0 a.m. | 4 views

IBM Cúram Social Program Management Encryption Issue Vulnerability

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management that stems from hashing a token with the MD5...

CVSS 7.5 | AI score 6.8 | EPSS 0.00783
Exploits 0 | References 1
CNVD
added 2020/10/11 12:0 a.m. | 4 views

IBM Cúram Social Program Management Cross-Site Scripting Vulnerability (CNVD-2020-59038)

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that stems from an OOTB build script...

CVSS 5.3 | AI score 6.3 | EPSS 0.00986
Exploits 0 | References 1
IBM Security Bulletins
added 2020/10/08 5:39 p.m. | 21 views

Security Bulletin: OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management (CVE-2020-4780)

Summary OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Cúram Social Program Management. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorised parties. Vulnerability Details CVEID: CVE-2020-4780 DESCRIPTION: OOT...

CVSS 5.3 | AI score 1.5 | EPSS 0.00986
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/10/08 5:36 p.m. | 20 views

Security Bulletin: A HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4779)

Summary A HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. Vulnerability Details CVEID: CVE-2020-4779 DESCRIPTION: A HTTP Verb Tampering...

CVSS 8.1 | AI score 1.5 | EPSS 0.01101
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/10/08 5:22 p.m. | 18 views

Security Bulletin: An XML External Entity Injection (XXE) vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4772)

Summary An XML External Entity Injection XXE vulnerability may impact IBM Cúram Social Program Management. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. Vulnerability Details CVEID:...

CVSS 8.1 | AI score 1.5 | EPSS 0.01446
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2020/03/05 12:2 p.m. | 29 views

Security Bulletin: Vulnerability in Apache Commons Beanutils library affect IBM Cúram Social Program Management (CVE-2019-10086)

Summary IBM Cúram Social Program Management uses the Apache Commons Beanutils library, for which there is a publicly known vulnerability. The vulnerability could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean...

CVSS 7.5 | AI score 0.5 | EPSS 0.28839
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2019/12/17 9:46 a.m. | 38 views

Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-17531, CVE-2019-17267, CVE-2019-16942, CVE-2019-16335, CVE-2019-14540)

Summary IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there are five publicly known vulnerabilities. All of the vulnerabilities, which are caused by various polymorphic typing issues, could enable a remote attacker to obtain sensitive information. Vulnerabili...

CVSS 9.8 | AI score 0.8 | EPSS 0.10676
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2019/05/03 3:5 p.m. | 20 views

Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001)

Summary A recent product security scanning exercise identified that a cross-site request forgery vulnerability exists within REST in IBM Cúram Social Program Management. The issue relates to the checking of the HTTP referrer header for GET requests on the server side, which should be checked in a...

CVSS 8.8 | AI score 1.4 | EPSS 0.00527
Exploits 0 | Affected Software 1
CNVD
added 2018/12/12 12:0 a.m. | 1 views

IBM Cúram Social Program Management Open Redirect Vulnerability (CNVD-2018-26900)

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. An open redirection vulnerability exists in IBM Cúram SPM. A remote attacker could exploit this vulnerability by trickin...

CVSS 6.8 | AI score 6.6 | EPSS 0.0131
Exploits 0 | References 1
IBM Security Bulletins
added 2018/12/07 2:30 p.m. | 33 views

Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)

Summary IBM Cúram Social Program Management uses the Apache Batik Library. In Apache Batik library prior to version 1.10, the class type has not being checked during the deserialization process of the subclass of AbstractDocument. Fix has been put in place to check the class type before...

CVSS 9.8 | AI score 0.6 | EPSS 0.19523
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/12/05 4:35 p.m. | 17 views

Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671)

Summary An HTML injection vulnerability was detected in the IBM Social Program Management Design System component of the IBM Cúram Social Program Management product. It was discovered that input data for some tags was not sanitized in a secure way. Vulnerability Details CVEID: CVE-2018-1671...

CVSS 6.1 | AI score 2 | EPSS 0.01702
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/07/16 4:20 p.m. | 26 views

Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure (CVE-2014-4804)

Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...

AI score 1.6 | EPSS 0.01066
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 1:9 p.m. | 16 views

Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739)

Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by getting a victim to browse to the stored information and their browser will execute the script...

CVSS 5.4 | AI score 0.7 | EPSS 0.00729
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 1:9 p.m. | 13 views

Security Bulletin: Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)

Summary IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user's submitted applications from the system and possibly obtain privileges. Vulnerability Details CVEID: CVE-2018-1362...

CVSS 6 | AI score 0.5 | EPSS 0.00585
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 1:9 p.m. | 27 views

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031)

Summary IBM Cúram Social Program Management uses the Apache Commons FileUpload Library. Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileIte...

CVSS 9.8 | AI score 1.4 | EPSS 0.34731
Exploits 0 | Affected Software 1