90 matches found
Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)
Summary IBM Cúram Social Program Management uses the jackson-databind libraries, for which there is a publicly known vulnerability. FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...
CVE-2021-41487
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'...
CVE-2021-41487
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'...
NOKIA VitalSuite SPM SQL注入漏洞
NOKIA VitalSuite SPM is a multi-vendor, multi-application performance management solution from Nokia Finland. A security vulnerability exists in NOKIA VitalSuite SPM version 2020. An attacker exploited the vulnerability to perform SQL injection via UserName...
Security Bulletin: Cúram Social Program Management is vulnerable to arbitrary code execution and SQL injection issues due to Apache Log4j (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j library for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which could allow a remote attacker to execute arbitrary code on the system, or se...
CVE-2022-20063
In atf spm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715...
CVE-2022-20063
In atf spm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715...
CVE-2022-20063
CVE-2022-20063 affects atf (spm) with an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges required and user interaction for exploitation. Patch ALPS06171715 / ALPS06171715 is noted. Connected sources confirm this descrip...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2021-4104)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION...
isActive doesn't prevent owner from sweeping token from AaveV2Strategy, SDM and SPM
Handle wuwe1 Vulnerability details Proof of Concept isActive appear in these places: owner can bypass isActive check by setting a different address in sherlockCore Recommended Mitigation Steps Add Timelock on setting sherlockCore. --- The text was updated successfully, but these errors were...
Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44832 , CVE-2021-45105)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44832...
Security Bulletin: Vulnerabilities in Apache Log4j may affect Cúram Social Program Management (CVE-2021-44228 , CVE-2021-45046)
Summary IBM Cúram Social Program Management SPM uses the Apache Log4j libraries for SPM logging infrastructure. There are publicly known vulnerabilities for Apache Log4j which could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2021-44228...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2019-17571)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in...
Security Bulletin: Vulnerability in Apache Log4j may affect Cúram Social Program Management (CVE-2020-9488)
Summary IBM Cúram Social Program Management uses the Apache Log4j libraries, for which there is a publicly known vulnerability. For this vulnerability, Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender...
Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)
Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...
Security Bulletin: Vulnerability in Apache Commons IO may affect Cúram Social Program Management (CVE-2021-29425)
Summary IBM Cúram Social Program Management uses the Apache Commons libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Commons IO, when invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus...
Security Bulletin: Vulnerability in Dojo may affect Cúram Social Program Management (CVE-2020-5258)
Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. For this vulnerability Dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing...
Security Bulletin: Vulnerability in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2020-25649)
Summary IBM Cúram Social Program Management uses the FasterXML Jackson libraries, for which there is a publicly known vulnerability. For this vulnerability FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. Vulnerability...
Security Bulletin: A cross-site request forgery (CSRF) vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management (CVE-2020-4942)
Summary A cross-site request forgery CSRF vulnerability may impact logout functionality in REST in IBM Cúram Social Program Management, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. Vulnerability Details CVEID:...