CVE-2020-4773
CVE-2020-4773 is a CSRF vulnerability affecting IBM Cúram Social Program Management (Curam SPM) versions 7.0.9 and 7.0.10. The issue is a cross-site request forgery that could force authenticated users to perform unwanted actions on the application, limited to a single server class with no impact...
CVE-2020-4773
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. CSRF is an attack that forces a user to execute unwanted actions on a web application while they are authenticated to it. This applies to a single server class only, with no...
CVE-2020-4772
The CVE-2020-4772 XXE vulnerability affects IBM Cúram Social Program Management (Curam SPM) 7.0.9 and 7.0.10. The root cause is an XML External Entity Injection flaw in Curam SPM components, leading to potential exposure of sensitive data and the possibility of DoS, SSRF, or memory/resource exhau...
IBM Cúram Social Program Management Access Control Error Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in the XPath handling of IBM Cúram Social Program Management, which arises from errors such as...
IBM Cúram Social Program Management Cross-Site Scripting Vulnerability (CNVD-2020-59038)
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that stems from an OOTB build script...
Security Bulletin: OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Cúram Social Program Management (CVE-2020-4780)
Summary: OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Cúram Social Program Management. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorised parties. Vulnerability Details CVEID: CVE-2020-4780 DESCRIPTION: OOT...
Security Bulletin: An HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4779)
Summary: An HTTP Verb Tampering vulnerability may impact IBM Cúram Social Program Management. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security access controls. Vulnerability Details CVEID: CVE-2020-4779 DESCRIPTION: An HTTP Verb Tampering...
Security Bulletin: An XML External Entity Injection (XXE) vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4772)
Summary: An XML External Entity Injection (XXE) vulnerability may impact IBM Cúram Social Program Management. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. Vulnerability Details CVEID:...
Security Bulletin: Multiple IBM DB2 Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: Multiple IBM DB2 Server security vulnerabilities affect IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2020-4386 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: Multiple Oracle Database Server security vulnerabilities affect IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2020-2734 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the RDBMS/Optimizer component could allow an authenticated attacker to...
Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: Multiple DB2 Database Server security vulnerabilities affect IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2020-4200 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacke...
Security Bulletin: Multiple DB2 Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: Multiple DB2 Database Server security vulnerabilities affect IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2020-4230 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: A publicly disclosed Oracle Database Server vulnerability affects IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2020-2527 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to obta...
Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management
Summary: A publicly disclosed Oracle Database Server vulnerability affects IBM Emptoris Program Management. Vulnerability Details CVEID: CVE-2019-2734 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Core RDBMS component could allow an authenticated attacker to caus...
Security Bulletin: Vulnerability in the Apache Commons BeanUtils library affects IBM Cúram Social Program Management (CVE-2019-10086)
Summary: IBM Cúram Social Program Management uses the Apache Commons BeanUtils library, for which there is a publicly known vulnerability. The vulnerability could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean...
Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-17531, CVE-2019-17267, CVE-2019-16942, CVE-2019-16335, CVE-2019-14540)
Summary: IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there are five publicly known vulnerabilities. All of the vulnerabilities, which are caused by various polymorphic typing issues, could enable a remote attacker to obtain sensitive information. Vulnerabili...
Security Bulletin: Vulnerability in Google Guava affects IBM Cúram Social Program Management (CVE-2018-10237)
Summary: IBM Cúram Social Program Management uses the Google Guava library indirectly through Google Guice. In versions of the Google Guava library before 24.1.1, an unbounded memory allocation vulnerability enables remote attackers to conduct denial of service attacks against servers that...
The vulnerability in the “Regional Capital Renovation Program Management” platform, related to deficiencies in the authentication mechanism, allows an attacker to enumerate user account names.
The vulnerability in the “Regional Program Capital Renovation Management” platform is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to enumerate user accounts using specially crafted POST requests...
Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness
The “Lessons learned from the Microsoft SOC” blog series is designed to share our approach and experience with security operations center (SOC) operations, so you can use what we learned to improve your SOC. The learnings in the series come primarily from Microsoft’s corporate IT security operation...
Cross-site request forgery (CSRF)
IBM Cúram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891...