CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2014-8903
https://notcve.org/view.php?id=CVE-2014-8903
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. IBM Curam Social Program Management 6.0 SP2 anterior a EP26, 6.0.4 anterior a 6.0.4.5iFix10 y 6.0.5 anterior a 6.0.5.6 permite que atacantes remotos carguen clases Java arbitrarias utilizando vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21700098 http://www.securityfocus.com/bid/73947 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 45EXPL: 0CVE-2017-1106
https://notcve.org/view.php?id=CVE-2017-1106
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a ataques de tipo Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22004580 http://www.securityfocus.com/bid/99306 https://exchange.xforce.ibmcloud.com/vulnerabilities/120744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-8923
https://notcve.org/view.php?id=CVE-2016-8923
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. IBM Curam Social Program Management 5.2, 6.0 y 7.0 contienen una vulnerabilidad que podría permitir a usuarios autorizados obtener información sensible del perfil de un usuario más privilegiado al que no debería tener acceso. IBM X-Force ID: 118536. • http://www.ibm.com/support/docview.wss?uid=swg22001774 http://www.securityfocus.com/bid/97989 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9978
https://notcve.org/view.php?id=CVE-2016-9978
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254. IBM Curam Social Program Management 5.2, 6.0 y 7.0 podría permitir a un atacante autenticado revelar información confidencial. IBM X-Force ID: 120254. • http://www.ibm.com/support/docview.wss?uid=swg22001782 http://www.securityfocus.com/bid/97990 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2016-9980
https://notcve.org/view.php?id=CVE-2016-9980
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256. IBM Curam Social Program Management 5.2, 6.0 y 7.0 es vulnerable a XSS. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22001779 http://www.securityfocus.com/bid/98005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •