7 matches found
EUVD-2014-4723
Malware in sbrugna...
Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure(CVE-2014-4804)
Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...
IBM Curam Social Program Management Curam Universal Access Information Disclosure Vulnerability (CNVD-2017-09517)
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM in the United States. The solution supports the end-to-end process of social program delivery.Curam Universal Access is a suite of software solutions. An information disclosure vulnerability exists ...
Design/Logic Flaw
Curam Universal Access in IBM Curam Social Program Management SPM 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL...
CVE-2014-4843
IBM Cúram Universal Access in Curam SPM exposes internal caseworker usernames via a URL under specific versions: 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5. Root cause is information disclosure through URL construction. Impact: partial confidentiality compromise of ...
IBM Curam Social Program Management Universal Access Component CRLF Injection Vulnerability
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that supports the end-to-end social program delivery process.Universal Access is one of the universal access components. A CRLF injection vulnerability exists in the implementation ...
CVE-2014-4804
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...