Lucene search
+L

292 matches found

CVE
CVE
added 2015/04/27 1:0 a.m.43 views

CVE-2014-6090

CVE-2014-6090 affects IBM Cúram SPM (DataMappingEditorCommands, DatastoreEditorCommands, IEGEditorCommands) across multiple versions (5.2 SP6 before EP6; 6.0 SP2 before EP26; 6.0.3/6.0.4/6.0.5 before respective iFix/EP levels). The root cause is CSRF in these servlets, allowing remote attackers t...

6.8CVSS6.7AI score0.00578EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/02/21 12:0 a.m.6 views

IBM Curam Social Program Management Curam Universal Access Information Disclosure Vulnerability

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in Curam Universal Access for IBM Curam SPM, which allows a remote attacker to access th...

4.3CVSS6.4AI score0.01066EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/21 12:0 a.m.4 views

IBM Curam Social Program Management Universal Access Component CRLF Injection Vulnerability

IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that supports the end-to-end social program delivery process.Universal Access is one of the universal access components. A CRLF injection vulnerability exists in the implementation ...

3.5CVSS7.2AI score0.00772EPSS
Exploits0References1
NVD
NVD
added 2015/02/14 2:59 a.m.26 views

CVE-2014-4804

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...

4.3CVSS6.3AI score0.01066EPSS
Exploits0References2
Prion
Prion
added 2015/02/14 2:59 a.m.28 views

Design/Logic Flaw

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...

4.3CVSS6.8AI score0.01066EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/02/14 2:0 a.m.47 views

CVE-2014-4804

CVE-2014-4804 affects IBM Curam Social Program Management (Cúram SPM) – Curam Universal Access when SPI is enabled. A page with SPI included can allow a remote attacker to obtain sensitive user data. Affected versions include 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5....

4.3CVSS6.4AI score0.01066EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/02/14 2:0 a.m.20 views

CVE-2014-4804

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page...

6.3AI score0.01066EPSS
Exploits0References2
NVD
NVD
added 2015/02/13 2:59 a.m.27 views

CVE-2014-4803

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...

3.5CVSS6.4AI score0.00772EPSS
Exploits0References2
Prion
Prion
added 2015/02/13 2:59 a.m.14 views

Crlf injection

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...

3.5CVSS6.8AI score0.00772EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/02/13 2:0 a.m.20 views

CVE-2014-4803

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP...

6.4AI score0.00772EPSS
Exploits0References2
CVE
CVE
added 2015/02/13 2:0 a.m.56 views

CVE-2014-4803

IBM Cúram Universal Access (part of IBM Cúram Social Program Management) is vulnerable to a CRLF injection when not deployed on WebSphere, due to improper sanitization on a page parameter. A remote authenticated attacker could inject arbitrary HTTP headers and perform HTTP response splitting, pot...

3.5CVSS6.6AI score0.00772EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/01/15 12:0 a.m.4 views

IBM Curam Social Program Management Cross-Site Scripting Vulnerability

IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in versions prior to IBM Curam Social Program Management 6.0.5.5a, which allows ...

3.5CVSS5.5AI score0.00759EPSS
Exploits0References1
NVD
NVD
added 2015/01/10 2:59 a.m.14 views

CVE-2014-3096

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.1AI score0.00759EPSS
Exploits0References2
Prion
Prion
added 2015/01/10 2:59 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.4AI score0.00759EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/01/10 2:0 a.m.17 views

CVE-2014-3096

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00759EPSS
Exploits0References2
CVE
CVE
added 2015/01/10 2:0 a.m.47 views

CVE-2014-3096

Summary (CVE-2014-3096): IBM Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation of user-supplied input. A remote, authenticated attacker can craft a URL to execute script in a victim’s browser within the hosting site’s context, potentially steal...

3.5CVSS5.2AI score0.00759EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2014/09/23 9:55 p.m.17 views

CVE-2014-6091

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.1AI score0.00759EPSS
Exploits0References2
Prion
Prion
added 2014/09/23 9:55 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.4AI score0.00759EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/09/23 9:0 p.m.57 views

CVE-2014-6091

CVE-2014-6091 is an XSS vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 prior to 6.0.4.5 iFix7. It allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. The connected documents confirm the affected product/version and impact but do not provid...

3.5CVSS5.2AI score0.00759EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/09/23 9:0 p.m.25 views

CVE-2014-6091

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management SPM 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

5.1AI score0.00759EPSS
Exploits0References2
Rows per page
Query Builder