Lucene search
K

90 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 1:36 p.m.31 views

Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)

Summary IBM Cúram Social Program Management uses the jackson-databind libraries, for which there is a publicly known vulnerability. FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...

0.8AI score
Exploits0Affected Software1
OSV
OSV
added 2022/06/16 6:15 p.m.5 views

CVE-2021-41487

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'...

9.8CVSS5.8AI score0.01678EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/06/16 5:24 p.m.25 views

CVE-2021-41487

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'...

10AI score0.01678EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/06/16 12:0 a.m.6 views

NOKIA VitalSuite SPM SQL注入漏洞

NOKIA VitalSuite SPM is a multi-vendor, multi-application performance management solution from Nokia Finland. A security vulnerability exists in NOKIA VitalSuite SPM version 2020. An attacker exploited the vulnerability to perform SQL injection via UserName...

9.8CVSS8.6AI score0.01678EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/09 11:57 a.m.55 views

Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...

9.8CVSS2.3AI score0.66537EPSS
Exploits1Affected Software1
NVD
NVD
added 2022/04/11 8:15 p.m.18 views

CVE-2022-20063

In atf spm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715...

6.9CVSS0.00128EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/11 7:37 p.m.23 views

CVE-2022-20063

In atf spm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715...

6.9AI score0.00128EPSS
Exploits0References1
CVE
CVE
added 2022/04/11 7:37 p.m.80 views

CVE-2022-20063

CVE-2022-20063 affects atf (spm) with an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges required and user interaction for exploitation. Patch ALPS06171715 / ALPS06171715 is noted. Connected sources confirm this descrip...

6.9CVSS6.6AI score0.00128EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 5:0 p.m.31 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION...

7.5CVSS3.5AI score0.81147EPSS
Exploits9Affected Software1
Code423n4
Code423n4
added 2022/01/23 12:0 a.m.7 views

isActive doesn't prevent owner from sweeping token from AaveV2Strategy, SDM and SPM

Handle wuwe1 Vulnerability details Proof of Concept isActive appear in these places: owner can bypass isActive check by setting a different address in sherlockCore Recommended Mitigation Steps Add Timelock on setting sherlockCore. --- The text was updated successfully, but these errors were...

7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/14 10:51 a.m.59 views

Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44832 , CVE-2021-45105)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44832...

10CVSS2.6AI score0.99999EPSS
Exploits360Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/16 10:56 p.m.109 views

Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44228 , CVE-2021-45046)

Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44228...

10CVSS1.3AI score0.99999EPSS
Exploits356Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/29 1:23 p.m.58 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...

9.8CVSS9.3AI score0.6906EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:45 p.m.36 views

Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)

Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender...

4.3CVSS6.3AI score0.08096EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:6 p.m.37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

9.8CVSS0.8AI score0.02611EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:33 p.m.81 views

Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...

7.5CVSS0.2AI score0.1121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/03 1:47 p.m.45 views

Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425)

Summary IBM Cúram Social Program Management uses the Apache Commons libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Commons IO, when invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus...

5.8CVSS1.6AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/03 10:52 a.m.28 views

Security Bulletin: Vulnerability in Dojo may affect Cúram Social Program Management (CVE-2020-5258)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. For this vulnerability Dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing...

7.7CVSS1.3AI score0.0399EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/08 5:36 p.m.38 views

Security Bulletin: Vulnerability in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2020-25649)

Summary IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there is a publicly known vulnerability. For this vulnerability FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. Vulnerability...

7.5CVSS1.3AI score0.17611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/31 1:6 p.m.19 views

Security Bulletin: A cross-site request forgery (CSRF) vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management (CVE-2020-4942)

Summary A cross-site request forgery CSRF vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. Vulnerability Details CVEID:...

8.8CVSS1.5AI score0.00525EPSS
Exploits0Affected Software1
Rows per page
Query Builder