CVE-2020-4773
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. CSRF is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no...
CVE-2020-4774
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information su...
CVE-2020-4775
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IB...
CVE-2020-4776
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in a URL request to view arbitrary files on the system. IBM X-Force ID:...
Input validation
Improper input validation before calling the Java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...
Xxe
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 18915...
Design/Logic Flaw
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...
CVE-2020-4780
CVE-2020-4780 affects IBM Cúram Social Program Management (Curam SPM) 7.0.9 and 7.0.10. The root cause is that the OOTB build scripts do not set the secure attribute on the session cookie, enabling potential cookie exposure to unauthorized parties. Impact is described as cookies possibly being ob...
CVE-2020-4781
Affected product: IBM Cúram Social Program Management (Curam SPM) versions 7.0.9 and 7.0.10. Root cause: improper input validation before calling java readLine(), leading to denial of service. CVSS base 6.5 (3.0/3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Impact: Denial of service as stated...
CVE-2020-4778
CVE-2020-4778 affects IBM Cúram Social Program Management, with vulnerable tokens hashed using MD5 in 7.0.9 and 7.0.10. Root cause: MD5 hashing of a token in a single instance, weaker than SHA-256 currently used in the app. Impact described by IBM: CVSS base score 5.9; confidentiality impact high...
CVE-2020-4779
An HTTP Verb Tampering vulnerability (CVE-2020-4779) affects IBM Cúram Social Program Management 7.0.9 and 7.0.10, enabling an attacker to bypass security access controls by sending specially crafted requests. Root cause details are not fully enumerated in the provided documents, but the IBM advis...
CVE-2020-4774
The CVE-2020-4774 issue concerns IBM Cúram Social Program Management (Curam SPM) versions 7.0.9 and 7.0.10, where an XPath vulnerability arises from improper handling of user-supplied input. This could allow a remote attacker to obtain unauthorized access or disclose XML document structure/conten...
CVE-2020-4775
The related IBM Cúram/Curam vulnerability entry CVE-2020-4775 is an XSS issue that affects Curam Social Program Management versions 7.0.9 and 7.0.10. The IBM security bulletin corroborates the affected products/versions and describes the impact as attackers injecting malicious scripts into ...
CVE-2020-4776
CVE-2020-4776 is a path traversal vulnerability affecting IBM Cúram Social Program Management 7.0.9 and 7.0.10. A remote attacker could craft a URL path to view arbitrary files on the system. Remediation: upgrade to 7.0.10 iFix2 or to a later 7.0.10 release, or 7.0.9 iFix5 or later. Affected prod...