292 matches found
CVE-2014-6090
CVE-2014-6090 affects IBM Cúram SPM (DataMappingEditorCommands, DatastoreEditorCommands, IEGEditorCommands) across multiple versions (5.2 SP6 before EP6; 6.0 SP2 before EP26; 6.0.3/6.0.4/6.0.5 before respective iFix/EP levels). The root cause is CSRF in these servlets, allowing remote attackers t...
IBM Curam Social Program Management Curam Universal Access Information Disclosure Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in Curam Universal Access for IBM Curam SPM, which allows a remote attacker to access th...
IBM Curam Social Program Management Universal Access Component CRLF Injection Vulnerability
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that supports the end-to-end social program delivery process.Universal Access is one of the universal access components. A CRLF injection vulnerability exists in the implementation ...
CVE-2014-4804
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...
Design/Logic Flaw
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...
CVE-2014-4804
CVE-2014-4804 affects IBM Curam Social Program Management (Cúram SPM) – Curam Universal Access when SPI is enabled. A page with SPI included can allow a remote attacker to obtain sensitive user data. Affected versions include 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5....
CVE-2014-4804
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...
CVE-2014-4803
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...
Crlf injection
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...
CVE-2014-4803
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...
CVE-2014-4803
IBM Cúram Universal Access (part of IBM Cúram Social Program Management) is vulnerable to a CRLF injection when not deployed on WebSphere, due to improper sanitization on a page parameter. A remote authenticated attacker could inject arbitrary HTTP headers and perform HTTP response splitting, pot...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability
IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in versions prior to IBM Curam Social Program Management 6.0.5.5a, which allows ...
CVE-2014-3096
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-3096
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-3096
Summary (CVE-2014-3096): IBM Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation of user-supplied input. A remote, authenticated attacker can craft a URL to execute script in a victim’s browser within the hosting site’s context, potentially steal...
CVE-2014-6091
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-6091
CVE-2014-6091 is an XSS vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 prior to 6.0.4.5 iFix7. It allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The connected documents confirm the affected product/version and impact but do not provid...
CVE-2014-6091
Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...