CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2014-6192
https://notcve.org/view.php?id=CVE-2014-6192
25 May 2015 — Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5 iFix10, 6.0.5 anterior a 6.0.5.6, y 6.0.5.5a anterior a 6.0.5.8 permite a usuarios remotos autenticados inyectar secuencias de co... • http://www-01.ibm.com/support/docview.wss?uid=swg21700252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-6090
https://notcve.org/view.php?id=CVE-2014-6090
27 Apr 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Múltiples vulnerabilidades de CSRF en los servlets (1) DataMappingEditor... • http://www-01.ibm.com/support/docview.wss?uid=swg21697726 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-6092
https://notcve.org/view.php?id=CVE-2014-6092
27 Apr 2015 — IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name. IBM Curam Social Program Management (SPM) 5.2 anterior a SP6 EP6, 6.0 SP2 anterior a EP26, 6.0.4 anter... • http://www-01.ibm.com/support/docview.wss?uid=swg21697742 • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4804
https://notcve.org/view.php?id=CVE-2014-4804
14 Feb 2015 — Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page. Curam Universal Access en IBM Curam Social Program Management 5.2 anterior a SP6 EP6, 6.0 SP2 anterior a EP26, 6.0.4.5 anterior a iFix007, 6.0.5.4 anterior a iFix005, y 6.0.5.5 anterior a iFix003, cuando la inclusió... • http://www-01.ibm.com/support/docview.wss?uid=swg21695931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4803
https://notcve.org/view.php?id=CVE-2014-4803
13 Feb 2015 — CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter. Vulnerabilidad de inyección CRLF en la implementación Universal Access en IBM Curam Social Program Management 6.0 SP2 anterior a EP2... • http://www-01.ibm.com/support/docview.wss?uid=swg21695925 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3096
https://notcve.org/view.php?id=CVE-2014-3096
10 Jan 2015 — Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Curam Social Program Management anterior a 6.0.5.5a permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21692994 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2014-3012
https://notcve.org/view.php?id=CVE-2014-3012
18 Jun 2014 — Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs. Múltiples vulnerabilidades de inyección CRLF en IBM Curam Social Program Management 5.2 SP1 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuesta HTTP a través de parámetros n... • http://secunia.com/advisories/59257 •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2014-3013
https://notcve.org/view.php?id=CVE-2014-3013
18 Jun 2014 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer. Múltiples vulnerabilidades de XSS en IBM Curam Social Program Management 4.5 SP10 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de entradas manipuladas en un renderizador (1) custom JSP o (... • http://secunia.com/advisories/59259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •