292 matches found
CVE-2014-3069
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management SPM 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecifie...
Crlf injection
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management SPM 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecifie...
CVE-2014-3069
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management SPM 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecifie...
CVE-2014-3069
Summary: CVE-2014-3069 affects IBM Cúram Universal Access (V6.0.5.5) when not deployed on IBM WebSphere. The root cause is improper sanitization of user-supplied data output into HTTP response header fields, enabling CRLF injection and potential session/credential exposure or HTTP Response Splitt...
CVE-2014-3013
Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...
CVE-2014-3012
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...
Crlf injection
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...
CVE-2014-3012
CVE-2014-3012 affects IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4. The vulnerability is a CRLF injection allowing remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified parameters to custom JSPs. Root cause is improper handl...
CVE-2014-3012
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...
CVE-2014-3013
Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...
CVE-2014-3013
Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation/sanitization of tags in custom JSPs or custom renderers that add text nodes to rendered content. A remote authenticated attacker can inject malicious scripts via crafted input to a custom JSP or...