Lucene search
K

221 matches found

NVD
NVD
added 2018/12/11 4:29 p.m.24 views

CVE-2018-1654

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL...

6.8CVSS6.2AI score0.0131EPSS
Exploits0References3
Prion
Prion
added 2018/12/11 4:29 p.m.18 views

Cross site scripting

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

3.5CVSS5.2AI score0.00968EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/12/11 4:0 p.m.56 views

CVE-2018-1654

IBM Cúram Social Program Management CVE-2018-1654 is an open redirect vulnerability that enables a remote attacker to perform phishing by spoofing the displayed URL and redirecting users to a malicious site. Affected IBM Cúram SPM versions span 6.0.5.0–6.2.0.6, 7.0.0.0–7.0.3.0, with remediation g...

6.8CVSS5.8AI score0.0131EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/12/11 4:0 p.m.17 views

CVE-2018-1900

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/12/11 4:0 p.m.19 views

CVE-2018-1654

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL...

6.8CVSS6.2AI score0.0131EPSS
Exploits0References3
CVE
CVE
added 2018/12/11 4:0 p.m.44 views

CVE-2018-1900

CVE-2018-1900 is a stored cross-site scripting vulnerability in IBM Cúram Social Program Management. IBM’s bulletin lists affected versions: 6.0.5.x, 6.1.0.x–6.1.1.x, 6.2.0.x, 7.0.1, 7.0.3 (and 7.0.2.x–7.0.4.x in 7.0 line). The issue arises in rendering rich text fields when content can pass thro...

5.4CVSS5.2AI score0.00968EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/12/11 12:0 a.m.3 views

IBM Curam Social Program Management HTML Injection Vulnerability

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM in the United States. The solution supports the end-to-end social program delivery process.Social Program Management Design System is one of the Social Program Management Design System components. A...

6.1CVSS6.4AI score0.01702EPSS
Exploits0References1
NVD
NVD
added 2018/12/10 2:29 p.m.16 views

CVE-2018-1671

IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951...

6.1CVSS6.3AI score0.01702EPSS
Exploits0References3
CVE
CVE
added 2018/12/10 2:0 p.m.45 views

CVE-2018-1671

CVE-2018-1671 affects IBM Curam Social Program Management 7.0.3, via the Social Program Management Design System HTML injection vulnerability. The Design System component (versions prior to 1.4.0) allows remote HTML injection executed in the victim’s browser within the hosting site’s security con...

6.1CVSS6.3AI score0.01702EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/12/10 2:0 p.m.21 views

CVE-2018-1671

IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951...

6.3AI score0.01702EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/07 2:30 p.m.33 views

Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)

Summary IBM Cúram Social Program Management uses the Apache Batik Library. In Apache Batik library prior to version 1.10, the class type has not being checked during the deserialization process of the subclass of AbstractDocument. Fix has been put in place to check the class type before...

9.8CVSS0.6AI score0.19523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/06 3:40 p.m.18 views

Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654)

Summary A recent penetration test in the product identified that an open redirect issue exists in the IBM Cúram Social Program Management product. The issue could enable a remote attacker to use an attack vector to conduct an open redirect attack, where a redirect value is not validated...

6.8CVSS0.7AI score0.0131EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/05 4:35 p.m.17 views

Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671)

Summary An HTML injection vulnerability was detected in the IBM Social Program Management Design System component of the IBM Cúram Social Program Management product. It was discovered that input data for some tags was not sanitized in a secure way. Vulnerability Details CVEID: CVE-2018-1671...

6.1CVSS2AI score0.01702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/20 2:44 p.m.33 views

Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)

Summary IBM Cúram is shipped with a third party library called Apache Batik, which is vulnerable to specially crafted SVG files. These files can potientially be used to reveal files and obtain sensitive information. Vulnerability Details CVEID: CVE-2015-0250 DESCRIPTION: Apache Batik could allow ...

6.4CVSS1AI score0.16564EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/17 10:8 a.m.19 views

Security BULLETIN: IBM Cúram Social Program Management is vulnerable to cross site scripting attack(CVE-2014-6192).

Summary IBM Cúram Social Program Management is vulnerable to a cross site scripting attack. Vulnerability Details CVEID: CVE-2014-6192 DESCRIPTION: Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

3.5CVSS0.4AI score0.00783EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/16 4:34 p.m.20 views

Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)

Summary The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to CRLF Injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details CVEID: CVE-2014-4803 A...

3.5CVSS0.8AI score0.00772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/16 4:20 p.m.26 views

Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure(CVE-2014-4804)

Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...

1.6AI score0.01066EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/02 12:9 p.m.20 views

Security Bulletin: IBM Cúram is vulnerable to cross site scripting attack (CVE-2014-3096)

Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user supplied input. Vulnerability Details CVEID: CVE-2014-3096 DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation...

3.5CVSS1.1AI score0.00759EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 1:9 p.m.19 views

Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740)

Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim's web browser. Vulnerability Details CVEID:...

5.4CVSS0.5AI score0.00729EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 1:9 p.m.16 views

Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739)

Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by getting a victim to browse to the stored information and their browser will execute the script...

5.4CVSS0.7AI score0.00729EPSS
Exploits0Affected Software1
Rows per page
Query Builder