293 matches found
CVE-2021-39068
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
IBM Curam Social Program Management 跨站脚本漏洞
IBM Curam Social Program Management is a business and technology solution from IBM that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. The vulnerability can be exploited by attackers to cause...
CVE-2021-39068
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)
Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...
Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425)
Summary IBM Cúram Social Program Management uses the Apache Commons libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Commons IO, when invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus...
IBM Curam Social Program Management Cross-Site Request Forgery Vulnerability (CNVD-2021-01275)
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management 7.0.9, 7.0.11. An attacker coul...
CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
Cross site request forgery (csrf)
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
CVE-2020-4942
CVE-2020-4942 affects IBM Curam Social Program Management (Curam SPM) 7.0.9 and 7.0.11. The vulnerability is a cross-site request forgery (CSRF) that can cause a user’s trusted session to perform malicious actions via the site’s REST logout functionality. The public details identify the affected ...
CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
IBM Cúram Social Program Management 跨站请求伪造漏洞
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management 7.0.9, 7.0.11. An attacker coul...
CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
CVE-2020-4778
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...
CVE-2020-4781
An improper input validation before calling java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...
CVE-2020-4781
An improper input validation before calling java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
CVE-2020-4780
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...