CVE-2016-9978
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254...
CVE-2016-9979
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Design/Logic Flaw
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536...
Cross site scripting
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Cross site scripting
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Code injection
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254...
CVE-2016-9978
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254...
CVE-2016-9980
CVE-2016-9980 affects IBM Cúram Social Program Management and is due to improper validation of user input, allowing cross-site scripting in the Web UI. Affected versions span IBM Cúram SPM 5.2 SP6, 6.0.x (including 6.0.0–6.0.5.x), 6.1.x (6.1.0–6.1.1.x), 6.2.x (6.2.0.0–6.2.0.4), and 7.0.x (7.0.0.0...
CVE-2016-9980
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2016-9979
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2016-8923
IBM Cúram Social Program Management (SPM) 5.2, 6.0 and 7.0 contain an authenticated user privilege/visibility flaw that allows viewing sensitive information from higher-sensitivity profiles via a specially crafted URL. Affected VRMF ranges include 7.0.0.0, 6.2.x, 6.1.x, 6.0.x, and 5.2.x. IBM rem...
CVE-2016-9979
CVE-2016-9979 affects IBM Cúram Social Program Management. The issue is cross-site scripting caused by improper validation of user-supplied input, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected versions incl...
CVE-2016-9978
IBM Curam Social Program Management (Cúram) versions affected: 5.2.0.0–5.2.0 SP6, 6.0.x and 6.2.x up to 6.2.0.3/6.2.0.4, 6.1.x up to 6.1.1.4, and 7.0.0.0–7.0.0.0. An authenticated attacker could bypass Security Sensitivity controls via a specially crafted URL to disclose information tied to highe...
CVE-2016-8923
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536...
CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources...
CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources...
XXE
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources...
CVE-2016-6111
IBM Cúram Social Program Management (SPM) is affected by CVE-2016-6111 due to an XML External Entity Injection (XXE) in XML data processing, causing denial of service with potential data exposure and memory depletion. The IBM Security Bulletin lists affected versions across SPM 5.2 SP6 up to 7.0....
CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources...
IBM Cúram Social Program Management XML External Entity Injection Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Cúram Social Program Management suffers from an XML external entity injection vulnerability. A remote attacker cou...