CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-8923
https://notcve.org/view.php?id=CVE-2016-8923
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. IBM Curam Social Program Management 5.2, 6.0 y 7.0 contienen una vulnerabilidad que podría permitir a usuarios autorizados obtener información sensible del perfil de un usuario más privilegiado al que no debería tener acceso. IBM X-Force ID: 118536. • http://www.ibm.com/support/docview.wss?uid=swg22001774 http://www.securityfocus.com/bid/97989 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9978
https://notcve.org/view.php?id=CVE-2016-9978
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. IBM Curam Social Program Management 5.2, 6.0 y 7.0 podría permitir a un atacante autenticado revelar información confidencial. IBM X-Force ID: 120254. • http://www.ibm.com/support/docview.wss?uid=swg22001782 http://www.securityfocus.com/bid/97990 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9980
https://notcve.org/view.php?id=CVE-2016-9980
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22001779 http://www.securityfocus.com/bid/98005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 39EXPL: 0CVE-2016-6111
https://notcve.org/view.php?id=CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. IBM Curam Social Program Management 6.0 y 7.0 son vulnerables a una denegación de servicio, causada por un error de XML Entity Injection XXE al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.ibm.com/support/docview.wss?uid=swg22000833 http://www.securityfocus.com/bid/97244 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-5023
https://notcve.org/view.php?id=CVE-2015-5023
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Curam Social Program Management 6.1 en versiones anteriores a 6.1.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21967851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •