CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-8903
https://notcve.org/view.php?id=CVE-2014-8903
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5iFix10 y 6.0.5 anterior a 6.0.5.6 permite que atacantes remotos carguen clases Java arbitrarias utilizando vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21700098 http://www.securityfocus.com/bid/73947 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 45EXPL: 0CVE-2017-1106
https://notcve.org/view.php?id=CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22004580 http://www.securityfocus.com/bid/99306 https://exchange.xforce.ibmcloud.com/vulnerabilities/120744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4843
https://notcve.org/view.php?id=CVE-2014-4843
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. Curam Universal Access en IBM Curam Social Program Management (SPM), versiones 6.0 SP2 anteriores a la EP26, 6.0.4 anteriores a la 6.0.4.6 y 6.0.5 anteriores a la 6.0.5.5 iFix5 permite a atacantes remotos obtener información sensible acerca de los nombres de los usuarios internos a través de vectores relacionados con la URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21698548 http://www.securityfocus.com/bid/73943 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-8923
https://notcve.org/view.php?id=CVE-2016-8923
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. IBM Curam Social Program Management 5.2, 6.0 y 7.0 contienen una vulnerabilidad que podría permitir a usuarios autorizados obtener información sensible del perfil de un usuario más privilegiado al que no debería tener acceso. IBM X-Force ID: 118536. • http://www.ibm.com/support/docview.wss?uid=swg22001774 http://www.securityfocus.com/bid/97989 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9978
https://notcve.org/view.php?id=CVE-2016-9978
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. IBM Curam Social Program Management 5.2, 6.0 y 7.0 podría permitir a un atacante autenticado revelar información confidencial. IBM X-Force ID: 120254. • http://www.ibm.com/support/docview.wss?uid=swg22001782 http://www.securityfocus.com/bid/97990 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •