CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4942
https://notcve.org/view.php?id=CVE-2020-4942
04 Jan 2021 — IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942. IBM Curam Social Program Management versiones 7.0.9 y 7.0.11, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía.&... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4781
https://notcve.org/view.php?id=CVE-2020-4781
12 Oct 2020 — An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. Una comprobación de entrada inapropiada antes de llamar a un método readLine() de java puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podría resultar en una denegación de servicio. IBM X-Force ID: 189159 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4780
https://notcve.org/view.php?id=CVE-2020-4780
12 Oct 2020 — OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. Los scripts de compilación de OOTB no establecen el atributo seguro en la cookie de sesión, lo que puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0,10. El propósito del atributo "secure" es impedir que las cookies s... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189158 • CWE-613: Insufficient Session Expiration •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4779
https://notcve.org/view.php?id=CVE-2020-4779
12 Oct 2020 — A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. Una vulnerabilidad de tipo Verb Tampering HTTP puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para omitir los controles de acces... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189157 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4778
https://notcve.org/view.php?id=CVE-2020-4778
12 Oct 2020 — IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, usa un algoritmo MD5 para el hash del token en una sola instancia, que es menos seguro que el algoritmo criptográfico predeterminado SHA-256 usado en toda la aplicación Cúram. IBM X-Force ID: 189156 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189156 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4776
https://notcve.org/view.php?id=CVE-2020-4776
12 Oct 2020 — A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154. Una vulnerabilidad de salto de ruta puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4775
https://notcve.org/view.php?id=CVE-2020-4775
12 Oct 2020 — A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153. Una vulnerabilidad de tipo cross-site scripting (XSS) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Esta vulnerabilidad permite a atacantes inyectar scripts m... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4774
https://notcve.org/view.php?id=CVE-2020-4774
12 Oct 2020 — An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. Una vulnerabilidad de tipo XPath puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, causada por el manejo inapropiado de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189152 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4773
https://notcve.org/view.php?id=CVE-2020-4773
12 Oct 2020 — A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151. Una vulnerabilidad de tipo cross-site request forgery (CSRF) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, que es un at... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189151 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4772
https://notcve.org/view.php?id=CVE-2020-4772
12 Oct 2020 — An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150. Una vulnerabilidad de tipo XML External Entity Injection (XXE) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Un atacante remoto podría explotar esta vulnerabilidad para exponer ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189150 • CWE-611: Improper Restriction of XML External Entity Reference •