Lucene search
+L

293 matches found

Cvelist
Cvelist
added 2022/04/11 6:17 p.m.20 views

CVE-2021-39068

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS5.3AI score0.00495EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.5 views

IBM Curam Social Program Management 跨站脚本漏洞

IBM Curam Social Program Management is a business and technology solution from IBM that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. The vulnerability can be exploited by attackers to cause...

5.4CVSS5.6AI score0.00495EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/08 12:0 a.m.3 views

CVE-2021-39068

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS5.7AI score0.00495EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:6 p.m.37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

9.8CVSS0.8AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:33 p.m.81 views

Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...

7.5CVSS0.2AI score0.1121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/03 1:47 p.m.45 views

Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425)

Summary IBM Cúram Social Program Management uses the Apache Commons libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Commons IO, when invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus...

5.8CVSS1.6AI score0.10608EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2021/01/05 12:0 a.m.4 views

IBM Curam Social Program Management Cross-Site Request Forgery Vulnerability (CNVD-2021-01275)

IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management 7.0.9, 7.0.11. An attacker coul...

8.8CVSS6.7AI score0.00525EPSS
Exploits0References1
NVD
NVD
added 2021/01/04 2:15 p.m.18 views

CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...

8.8CVSS7AI score0.00525EPSS
Exploits0References2
OSV
OSV
added 2021/01/04 2:15 p.m.5 views

CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...

8.8CVSS6.7AI score0.00525EPSS
Exploits0References2
Prion
Prion
added 2021/01/04 2:15 p.m.14 views

Cross site request forgery (csrf)

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...

6.8CVSS8.2AI score0.00525EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/01/04 2:0 p.m.44 views

CVE-2020-4942

CVE-2020-4942 affects IBM Curam Social Program Management (Curam SPM) 7.0.9 and 7.0.11. The vulnerability is a cross-site request forgery (CSRF) that can cause a user’s trusted session to perform malicious actions via the site’s REST logout functionality. The public details identify the affected ...

8.8CVSS8.4AI score0.00525EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/04 2:0 p.m.24 views

CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...

6.5CVSS8.4AI score0.00525EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/04 12:0 a.m.7 views

IBM Cúram Social Program Management 跨站请求伪造漏洞

IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A cross-site request forgery vulnerability exists in IBM Curam Social Program Management 7.0.9, 7.0.11. An attacker coul...

8.8CVSS6.7AI score0.00525EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/12/31 12:0 a.m.4 views

CVE-2020-4942

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...

8.8CVSS5.3AI score0.00525EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/10/12 1:15 p.m.30 views

CVE-2020-4778

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...

7.5CVSS0.00792EPSS
Exploits0References2
OSV
OSV
added 2020/10/12 1:15 p.m.6 views

CVE-2020-4781

An improper input validation before calling java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...

6.5CVSS6.6AI score0.01395EPSS
Exploits0References2
NVD
NVD
added 2020/10/12 1:15 p.m.22 views

CVE-2020-4781

An improper input validation before calling java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...

6.5CVSS0.01395EPSS
Exploits0References2
OSV
OSV
added 2020/10/12 1:15 p.m.3 views

CVE-2020-4779

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...

8.1CVSS7.3AI score0.01114EPSS
Exploits0References2
OSV
OSV
added 2020/10/12 1:15 p.m.4 views

CVE-2020-4780

OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158...

5.3CVSS5.8AI score0.00998EPSS
Exploits0References2
NVD
NVD
added 2020/10/12 1:15 p.m.30 views

CVE-2020-4779

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...

8.1CVSS0.01114EPSS
Exploits0References2
Rows per page
Query Builder