CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4774
https://notcve.org/view.php?id=CVE-2020-4774
12 Oct 2020 — An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. Una vulnerabilidad de tipo XPath puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, causada por el manejo inapropiado de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189152 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4773
https://notcve.org/view.php?id=CVE-2020-4773
12 Oct 2020 — A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151. Una vulnerabilidad de tipo cross-site request forgery (CSRF) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, que es un at... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189151 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4772
https://notcve.org/view.php?id=CVE-2020-4772
12 Oct 2020 — An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150. Una vulnerabilidad de tipo XML External Entity Injection (XXE) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Un atacante remoto podría explotar esta vulnerabilidad para exponer ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189150 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2001
https://notcve.org/view.php?id=CVE-2018-2001
07 May 2019 — IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. IBM Cram Social Program Management, versiones 6.1.1, 6.2.0, 7.0.4 y 7.0.5, es vulnerable a ataques CSRF, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. IBM X-... • https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1654
https://notcve.org/view.php?id=CVE-2018-1654
11 Dec 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: ... • http://www.securityfocus.com/bid/106187 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1900
https://notcve.org/view.php?id=CVE-2018-1900
11 Dec 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.3 es vulnerable a ataques Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban códig... • http://www.securityfocus.com/bid/106189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1671
https://notcve.org/view.php?id=CVE-2018-1671
10 Dec 2018 — IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-force ID: 144951. IBM Curam Social Program Management 7.0.3 es vulnerable a una inyección HTML. Un atacante remoto podría inyectar código HTML malicioso que, al ser visualizado, se ejecutaría en el navegador web de la víctima en el contexto de seguridad del sitio q... • http://www.securityfocus.com/bid/106202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7401
https://notcve.org/view.php?id=CVE-2015-7401
26 Mar 2018 — IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. Las versiones 6.1.x de IBM Curam Social Program Management anteriores a la 6.1.1.1 permiten que usuarios autenticados remotos omitan restricciones de acceso previstas y obtengan información de documentos de carácter sensible adivinando el identificador del documento. IBM X-Force ID: 107... • http://www-01.ibm.com/support/docview.wss?uid=swg21977425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0261
https://notcve.org/view.php?id=CVE-2016-0261
12 Mar 2018 — Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Curam Social Program Management, en versiones 6.0.0 anteriores a SP2 EP29; versiones 6.0.4 anteriores... • http://www-01.ibm.com/support/docview.wss?uid=swg21981103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1362
https://notcve.org/view.php?id=CVE-2018-1362
19 Jan 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0 y 7.0.1 en Citizen Portal podría permitir que un usuario autenticado elimine aplicaciones enviadas por otro usuario del sistema y, posiblemente, obtenga privilegios. IBM X-Force ID: 137380. • http://www.ibm.com/support/docview.wss?uid=swg22012528 •