221 matches found
CVE-2018-1654
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL...
Cross site scripting
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2018-1654
IBM Cúram Social Program Management CVE-2018-1654 is an open redirect vulnerability that enables a remote attacker to perform phishing by spoofing the displayed URL and redirecting users to a malicious site. Affected IBM Cúram SPM versions span 6.0.5.0–6.2.0.6, 7.0.0.0–7.0.3.0, with remediation g...
CVE-2018-1900
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2018-1654
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL...
CVE-2018-1900
CVE-2018-1900 is a stored cross-site scripting vulnerability in IBM Cúram Social Program Management. IBM’s bulletin lists affected versions: 6.0.5.x, 6.1.0.x–6.1.1.x, 6.2.0.x, 7.0.1, 7.0.3 (and 7.0.2.x–7.0.4.x in 7.0 line). The issue arises in rendering rich text fields when content can pass thro...
IBM Curam Social Program Management HTML Injection Vulnerability
IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM in the United States. The solution supports the end-to-end social program delivery process.Social Program Management Design System is one of the Social Program Management Design System components. A...
CVE-2018-1671
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951...
CVE-2018-1671
CVE-2018-1671 affects IBM Curam Social Program Management 7.0.3, via the Social Program Management Design System HTML injection vulnerability. The Design System component (versions prior to 1.4.0) allows remote HTML injection executed in the victim’s browser within the hosting site’s security con...
CVE-2018-1671
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951...
Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)
Summary IBM Cúram Social Program Management uses the Apache Batik Library. In Apache Batik library prior to version 1.10, the class type has not being checked during the deserialization process of the subclass of AbstractDocument. Fix has been put in place to check the class type before...
Security Bulletin: IBM Cúram Social Program Management contains an open redirect vulnerability (CVE-2018-1654)
Summary A recent penetration test in the product identified that an open redirect issue exists in the IBM Cúram Social Program Management product. The issue could enable a remote attacker to use an attack vector to conduct an open redirect attack, where a redirect value is not validated...
Security Bulletin: IBM Social Program Management Design System contains an HTML injection vulnerability (CVE-2018-1671)
Summary An HTML injection vulnerability was detected in the IBM Social Program Management Design System component of the IBM Cúram Social Program Management product. It was discovered that input data for some tags was not sanitized in a secure way. Vulnerability Details CVEID: CVE-2018-1671...
Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)
Summary IBM Cúram is shipped with a third party library called Apache Batik, which is vulnerable to specially crafted SVG files. These files can potientially be used to reveal files and obtain sensitive information. Vulnerability Details CVEID: CVE-2015-0250 DESCRIPTION: Apache Batik could allow ...
Security BULLETIN: IBM Cúram Social Program Management is vulnerable to cross site scripting attack(CVE-2014-6192).
Summary IBM Cúram Social Program Management is vulnerable to a cross site scripting attack. Vulnerability Details CVEID: CVE-2014-6192 DESCRIPTION: Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...
Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)
Summary The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to CRLF Injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details CVEID: CVE-2014-4803 A...
Security Bulletin: A page in IBM Curam Universal Access contains a risk of Sensitive Information Exposure(CVE-2014-4804)
Summary It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access. Vulnerability Details CVEID: CVE-2014-4804 It may be possible for a remote attacker to access sensitive information via a particular...
Security Bulletin: IBM Cúram is vulnerable to cross site scripting attack (CVE-2014-3096)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user supplied input. Vulnerability Details CVEID: CVE-2014-3096 DESCRIPTION: IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation...
Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1740)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by using a specially crafted URL to run a script in a victim's web browser. Vulnerability Details CVEID:...
Security Bulletin: Fix available for Stored Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2017-1739)
Summary IBM Cúram Social Program Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker might exploit this vulnerability by getting a victim to browse to the stored information and their browser will execute the script...