Security Bulletin: Fixes available for Vulnerabilities in IBM ACF (Active Content Filtering) affects IBM Cúram Social Program Management (CVE-2015-1917, CVE-2016-0243)
Summary: IBM Cúram Social Program Management is shipped with IBM Active Content Filtering, which is vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability by using a specially crafted URL to execute script in a...
Security Bulletin: IBM Cúram Social Program Management is vulnerable to a SQL injection attack
Summary: IBM Cúram Social Program Management is vulnerable to a SQL Injection attack. The attacker must already be authenticated and have access to the console. Vulnerability Details: CVEID: CVE-2015-5023. DESCRIPTION: IBM Cúram Social Program Management is vulnerable to SQL injection. A remote...
Security Bulletin: OpenSAML XML information disclosure (CVE-2013-6440)
Summary: A version of OpenSAML shipped with Cúram could allow a remote authenticated attacker to obtain sensitive information. Customers that use opensaml.jar to secure web services may be affected. Vulnerability Details: CVEID: CVE-2013-6440. DESCRIPTION: OpenSAML could allow a remote authenticated...
Security Bulletin: IBM Cúram Social Program Management is vulnerable to Java reflection attack (CVE-2014-8903).
Summary: IBM Cúram Social Program Management is vulnerable to Java reflection attack caused by external input that is used to specify a class. A remote attacker could exploit this vulnerability by injecting arbitrary class names which will be subsequently loaded. Vulnerability Details: CVE-2014-890...
Security Bulletin: IBM Cúram Social Program Management is vulnerable to cross site scripting attack (CVE-2014-6191).
Summary: IBM Cúram Social Program Management is vulnerable to cross site scripting attack caused by improper validation and sanitization of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement (CVE-2017-1741)
Summary: The IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issue...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1583, CVE-2011-4343)
Summary: The IBM Emptoris Contract Management, IBM Emptoris Program Management, IBM Emptoris Sourcing, IBM Emptoris Spend Analysis and IBM Emptoris Services Procurement products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issu...
Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management (CVE-2016-2510).
Summary: A BeanShell vulnerability for handling Java object deserialization was addressed by IBM Emptoris Strategic Supply Management Platform, IBM Contract Management and IBM Program Management products. Vulnerability Details: CVEID: CVE-2016-2510. DESCRIPTION: BeanShell could allow a remote attack...
Information disclosure
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106...
CVE-2015-7401
CVE-2015-7401 concerns IBM Curam Social Program Management (SPM) 6.1.x. Affected: IBM Curam SPM 6.1.x prior to 6.1.1.1. Type of issue: information disclosure caused by an access-control bypass that lets remote authenticated users obtain sensitive document information by guessing the document id. ...
CVE-2015-7401
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106...
CVE-2016-0261
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web scri...
IBM Curam Social Program Management Privilege Gain Vulnerability
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Curam SPM. An attacker could exploit the vulnerability to revoke applications...
CVE-2018-1362
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380...
Code injection
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380...
CVE-2018-1362
IBM Cúram Social Program Management (Citizen Portal) is affected by CVE-2018-1362. Affected versions: 7.0.0.0–7.0.1.1, 6.2.0.0–6.2.0.6, 6.1.0.0–6.1.1.6, and 6.0.5.0–6.0.5.10. The vulnerability is an Insecure Direct Object Reference that could let an authenticated user withdraw another user’s subm...