CVE-2017-1110
CVE-2017-1110 affects IBM Cúram Social Program Management (SPM) across multiple VMF versions (7.0.0.0–7.0.0.1; 6.2.0.0–6.2.0.4; 6.1.1.0–6.1.1.4; 6.1.0.0–6.1.0.4; 6.0.5.0–6.0.5.10; 6.0.4.0–6.0.4.9). An authenticated user could view the incidents of a higher-privileged user; the vulnerability is un...
CVE-2016-9732
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2017-1110
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915...
CVE-2014-8903
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...
Code injection
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...
CVE-2014-8903
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...
CVE-2014-8903
CVE-2014-8903 affects IBM Cúram Social Program Management (versions 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10, and 6.0.5 before 6.0.5.6). Root cause: Java reflection attack where external input specifies a class name, allowing remote authenticated users to load arbitrary Java classes. Impac...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-16024)
IBM Curam Social Program Management is a suite of social program management solutions from IBM in the United States that support the end-to-end social program delivery process. A cross-site scripting vulnerability exists in IBM Curam Social Program Management, which can be exploited by an attacke...
Cross site scripting
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1106
CVE-2017-1106 affects IBM Cúram Social Program Management versions 5.2.0.0–5.2.0 SP6, 6.0.x, 6.1.x, 6.2.x, and 7.0.x. The vulnerability is a cross‑site scripting flaw in the SWF files shipped with the product, due to a vulnerable Adobe Flex SDK. An attacker could embed arbitrary JavaScript in the...
IBM Curam Social Program Management Curam Universal Access Information Disclosure Vulnerability (CNVD-2017-09517)
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM in the United States. The solution supports the end-to-end process of social program delivery. Curam Universal Access is a suite of software solutions. An information disclosure vulnerability exists ...
Design/Logic Flaw
Curam Universal Access in IBM Curam Social Program Management SPM 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-08126)
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Curam Social Program Management suffers from a cross-site scripting vulnerability that originates from the program...
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-08125)
IBM Curam Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Curam Social Program Management suffers from a cross-site scripting vulnerability that originates from the program faili...
IBM Curam Social Program Management Information Disclosure Vulnerability
IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Curam SPM versions 5.2, 6.0 and 7.0. An attacker could exploit the vulnerability ...
CVE-2016-9980
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2016-8923
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536...
CVE-2016-9978
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254...