CVE-2020-4774
https://notcve.org/view.php?id=CVE-2020-4774
An XPath injection vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending specially crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189152 https://www.ibm.com/support/pages/node/6346595 • CWE-91: XML Injection (aka Blind XPath Injection)
CVE-2020-4773
https://notcve.org/view.php?id=CVE-2020-4773
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. CSRF is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to the remainder of the web application. IBM X-Force ID: 189151. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189151 https://www.ibm.com/support/pages/node/6344097 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-4772
https://notcve.org/view.php?id=CVE-2020-4772
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 189150. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189150 https://www.ibm.com/support/pages/node/6344069 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-2001
https://notcve.org/view.php?id=CVE-2018-2001
IBM Curam Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 https://www.ibm.com/support/docview.wss?uid=ibm10883184 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-1900
https://notcve.org/view.php?id=CVE-2018-1900
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. • http://www.securityfocus.com/bid/106189 https://exchange.xforce.ibmcloud.com/vulnerabilities/152529 https://www.ibm.com/support/docview.wss?uid=ibm10739035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')