292 matches found
CVE-2015-5023
CVE-2015-5023 : IBM Cúram Social Program Management (SPM) 6.1 is vulnerable to SQL injection. The IBM security bulletin notes that an attacker who is already authenticated and has console access can send specially crafted SQL statements to view, modify, or delete data. Affected version: SPM 6.1 (...
CVE-2015-5023
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-7402
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-7402
IBM Cúram Social Program Management 6.1 is affected by CVE-2015-7402 (XSS) due to improper validation of user-supplied input. An already authenticated remote attacker can exploit a specially crafted URL to execute arbitrary script in the victim’s browser within the site’s context, potentially ste...
IBM Cúram Social Program Management SQL Injection Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM in the United States. A SQL injection vulnerability exists in IBM Curam SPM. An attacker could use this vulnerability to take control of the application, access or modify data, or exploit potential...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability
IBM Curam Social Program Management is a social program management solution. The solution supports the end-to-end social program delivery process. A cross-site scripting vulnerability exists in IBM Curam SPM, which allows remote attackers to exploit the vulnerability to inject malicious script or...
CVE-2014-6192
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-6192
CVE-2014-6192 affects IBM Cúram Social Program Management (SPM). The vulnerability is an XSS flaw caused by improper validation of user-supplied input, allowing a remote authenticated user to execute script via a crafted URL. Affected versions include: SPM 6.0 SP2 before EP26, 6.0.4 before 6.0.4....
CVE-2014-6192
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
IBM Curam Social Program Management Denial of Service Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A denial of service vulnerability exists in IBM Curam Social Program Management. An attacker is allowed to exploit this...
IBM Curam Social Program Management (SPM) Cross-Site Request Forgery Vulnerability (CNVD-2015-02805)
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management SPM. An attacker is allowed to...
CVE-2014-6092
IBM Curam Social Program Management SPM 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to caus...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the 1 DataMappingEditorCommands, 2 DatastoreEditorCommands, and 3 IEGEditorCommands servlets in IBM Curam Social Program Management SPM 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and...
Code injection
IBM Curam Social Program Management SPM 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to caus...
CVE-2014-6090
Multiple cross-site request forgery CSRF vulnerabilities in the 1 DataMappingEditorCommands, 2 DatastoreEditorCommands, and 3 IEGEditorCommands servlets in IBM Curam Social Program Management SPM 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and...
CVE-2014-6090
Multiple cross-site request forgery CSRF vulnerabilities in the 1 DataMappingEditorCommands, 2 DatastoreEditorCommands, and 3 IEGEditorCommands servlets in IBM Curam Social Program Management SPM 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and...
CVE-2014-6092
IBM Curam Social Program Management SPM 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to caus...
CVE-2014-6092
CVE-2014-6092 affects IBM Curam SPM prior to SP6 EP6 (5.2 SP6 EP6; 6.0 SP2 EP26; 6.0.4 prior to 6.0.4.6; 6.0.5 prior to 6.0.5.6). The issue is that failed-login handling for web-service accounts does not enforce the same lockout policy as standard user accounts, enabling an attacker with knowledg...