CVSS: 9.1EPSS: 0%CPEs: 39EXPL: 0CVE-2016-6111
https://notcve.org/view.php?id=CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833. IBM Curam Social Program Management 6.0 y 7.0 son vulnerables a una denegación de servicio, causada por un error de XML Entity Injection XXE al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. • http://www.ibm.com/support/docview.wss?uid=swg22000833 http://www.securityfocus.com/bid/97244 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-5023
https://notcve.org/view.php?id=CVE-2015-5023
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Curam Social Program Management 6.1 en versiones anteriores a 6.1.1 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21967851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •