CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1654
https://notcve.org/view.php?id=CVE-2018-1654
11 Dec 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: ... • http://www.securityfocus.com/bid/106187 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1900
https://notcve.org/view.php?id=CVE-2018-1900
11 Dec 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.3 es vulnerable a ataques Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban códig... • http://www.securityfocus.com/bid/106189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0261
https://notcve.org/view.php?id=CVE-2016-0261
12 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Curam Social Program Management, en versiones 6.0.0 anteriores a SP2 EP29; versiones 6.0.4 anteriores... • http://www-01.ibm.com/support/docview.wss?uid=swg21981103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1362
https://notcve.org/view.php?id=CVE-2018-1362
19 Jan 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 en Citizen Portal podría permitir que un usuario autenticado elimine aplicaciones enviadas por otro usuario del sistema y, posiblemente, obtenga privilegios. IBM X-Force ID: 137380. • http://www.ibm.com/support/docview.wss?uid=swg22012528 •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2017-1739
https://notcve.org/view.php?id=CVE-2017-1739
11 Jan 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código Java... • http://www.ibm.com/support/docview.wss?uid=swg22012366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0CVE-2017-1740
https://notcve.org/view.php?id=CVE-2017-1740
11 Jan 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.2 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeb... • http://www.ibm.com/support/docview.wss?uid=swg22012372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0CVE-2017-1195
https://notcve.org/view.php?id=CVE-2017-1195
29 Aug 2017 — IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. IBM Cur... • http://www.ibm.com/support/docview.wss?uid=swg22007160 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9732
https://notcve.org/view.php?id=CVE-2016-9732
28 Aug 2017 — IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. IBM Curam Social Program Management 6.0, 6.1, 6.2 y 7.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz ... • http://www.ibm.com/support/docview.wss?uid=swg22007156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2017-1110 – Ubuntu Security Notice USN-4309-1
https://notcve.org/view.php?id=CVE-2017-1110
28 Aug 2017 — IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. IBM Curam Social Program Management 6.0, 6.1, 6.2 y 7.0 contiene una vulnerabilidad no especificada que podría permitir que un usuario autenticado visualice los incidentes de un usuario con más privilegios. IBM X-Force ID: 120915. It was discovered that Vim incorrectly handled certain sources. • http://www.ibm.com/support/docview.wss?uid=swg22007161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-8903
https://notcve.org/view.php?id=CVE-2014-8903
02 Aug 2017 — IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5iFix10 y 6.0.5 anterior a 6.0.5.6 permite que atacantes remotos carguen clases Java arbitrarias utilizando vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21700098 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •