221 matches found
IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2022-46461)
IBM Curam Social Program Management is a business and technology solution from IBM that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. The vulnerability can be exploited by attackers to cause...
CVE-2021-39068
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2021-39068
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Cross site scripting
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2021-39068
CVE-2021-39068 affects IBM Cúram Social Program Management versions 8.0.1 and 7.0.11. It is a cross-site scripting (XSS) vulnerability in the Web UI that allows embedding arbitrary JavaScript code, potentially altering functionality and leading to credentials disclosure within a trusted session. ...
CVE-2021-39068
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
Security Bulletin: A cross-site scripting (XSS) vulnerability may impact IBM Cúram Social Program Management(CVE-2021-39068)
Summary A cross-site scripting XSS vulnerability may impact IBM Cúram Social Program Management. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. Vulnerabili...
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in Google Gson (217225)
Summary IBM Cúram Social Program Management uses the Google Gson libraries, for which there is a publicly known vulnerability. For this vulnerability Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, a remote attacker cou...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)
Summary IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. For this vulnerability jsoup is susceptible to a denial of service attack, caused by improper input validation. Vulnerability Details CVEID: CVE-2021-37714 DESCRIPTION: jsoup i...
Cross site request forgery (csrf)
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942...
CVE-2020-4778
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...
CVE-2020-4781
An improper input validation before calling java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...
CVE-2020-4778
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
CVE-2020-4781
An improper input validation before calling java readLine method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159...
CVE-2020-4773
A cross-site request forgery CSRF vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no...
CVE-2020-4774
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information su...