Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)
Summary IBM Cúram is shipped with a third party library called Apache Batik, which is vulnerable to specially crafted SVG files. These files can potentially be used to reveal files and obtain sensitive information. Vulnerability Details CVEID: CVE-2015-0250 DESCRIPTION: Apache Batik could allow ...
Security Bulletin: IBM Cúram Social Program Management is vulnerable to cross site scripting attack (CVE-2014-6192).
Summary IBM Cúram Social Program Management is vulnerable to a cross site scripting attack. Vulnerability Details CVEID: CVE-2014-6192 DESCRIPTION: Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...
Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)
Summary The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to CRLF Injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details CVEID: CVE-2014-4803 A...
Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure (CVE-2014-4804)
Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...
Security Bulletin: IBM Cúram is vulnerable to cross site scripting attack (CVE-2014-3096)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user supplied input. Vulnerability Details CVEID: CVE-2014-3096 DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation...
Security Bulletin: Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)
Summary IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user's submitted applications from the system and possibly obtain privileges. Vulnerability Details CVEID: CVE-2018-1362...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-1000031)
Summary IBM Cúram Social Program Management uses the Apache Commons FileUpload Library. Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileIte...
Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim's web browser. Vulnerability Details CVEID:...
Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by getting a victim to browse to the stored information and their browser will execute the script...
Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2017-5662)
Summary IBM Cúram Social Program Management uses the Apache Batik Library. Apache Batik could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. Vulnerability Details CVEID: CVE-2017-5662 DESCRIPTION: Apache...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Cúram Social Program Management (CVE-2016-3092)
Summary IBM Cúram Social Program Management uses the Apache Commons FileUpload Library. Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the...
Security Bulletin: IBM Cúram's Social Program Management is vulnerable to a phishing through redirection vulnerability (CVE-2017-1195)
Summary Phishing through redirection vulnerability in Resource Store servlet in Cúram's Social Program Management product Vulnerability Details CVEID: CVE-2017-1195 DESCRIPTION: IBM Cúram Social Program Management could allow a remote attacker to conduct phishing attacks, using an open redirect...
Security Bulletin: Fix available for Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2017-1110)
Summary IBM Cúram Social Program Management is vulnerable to a privilege escalation vulnerability in the product. Vulnerability Details CVEID: CVE-2017-1110 DESCRIPTION: IBM Cúram Social Program Management contains an unspecified vulnerability that could allow an authenticated user to view the...
Security Bulletin: Security vulnerability in Cross-Site Scripting within IBM Cúram Social Program Management (CVE-2016-9732)
Summary Cross-Site Scripting security vulnerability within the IBM Cúram Social Program Management product. Vulnerability Details CVEID: CVE-2016-9732 DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
Security Bulletin: Security vulnerability in SWF files shipped with IBM Cúram Social Program Management (CVE-2017-1106)
Summary SWF files that are shipped with the IBM Cúram Social Program Management product are compiled with a vulnerable version of the Adobe Flex SDK. Vulnerability Details CVEID: CVE-2017-1106 DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting. This vulnerabili...
Security Bulletin: Fix available for Sensitive Data Exposure Vulnerability in IBM Cúram Social Program Management (CVE-2016-9978)
Summary IBM Cúram Social Program Management is vulnerable to an already authenticated user bypassing the Security Sensitivity controls via a specially crafted URL. This allows an attacker to view information for certain business objects tagged with higher sensitivity than their current sensitivit...
Security Bulletin: Fix available for a Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2016-8923)
Summary IBM Cúram Social Program Management is vulnerable to an already authenticated user bypassing the Security Sensitivity controls via a specially crafted URL. This allows an attacker to view information for certain business objects tagged with higher sensitivity than their current sensitivit...
Security Bulletin: Fix available for DOM based Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9979)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim's web browser. Vulnerability Details CVEID:...
Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9980)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim's web browser. Vulnerability Details CVEID:...
Security Bulletin: Fix available for Vulnerability in XML External Entity Injection (XXE) affecting IBM Cúram Social Program Management (CVE-2016-6111)
Summary IBM Cúram Social Program Management is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could use the vulnerability to expose highly sensitive information, or to use all available memory resources...