3 matches found
Security Bulletin: IBM Cúram Universal Access exposes caseworker usernames under specific circumstances.(CVE-2014-4843).
Summary IBM Universal Access contains a page where internal caseworker usernames are exposed as part of a URL. This information could be used in subsequent attacks against that particular user, e.g. to cause account lockout. Vulnerability Details CVE-2014-4843 CVSS Base Score: 4.3 CVSS Temporal...
CVE-2014-4843
Curam Universal Access in IBM Curam Social Program Management SPM 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL...
CVE-2014-4843
IBM Cúram Universal Access in Curam SPM exposes internal caseworker usernames via a URL under specific versions: 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5. Root cause is information disclosure through URL construction. Impact: partial confidentiality compromise of ...