CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22318
https://notcve.org/view.php?id=CVE-2022-22318
20 Jun 2022 — IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22317
https://notcve.org/view.php?id=CVE-2022-22317
20 Jun 2022 — IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro en el sistema. IBM X-Force ID: 218281 • https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39068
https://notcve.org/view.php?id=CVE-2021-39068
11 Apr 2022 — IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. IBM Curam Social Program Management versiones 8.0.1 y 7.0.11, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la I... • https://exchange.xforce.ibmcloud.com/vulnerabilities/215306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4942
https://notcve.org/view.php?id=CVE-2020-4942
04 Jan 2021 — IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942. IBM Curam Social Program Management versiones 7.0.9 y 7.0.11, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía.&... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4781
https://notcve.org/view.php?id=CVE-2020-4781
12 Oct 2020 — An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. Una comprobación de entrada inapropiada antes de llamar a un método readLine() de java puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podría resultar en una denegación de servicio. IBM X-Force ID: 189159 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4780
https://notcve.org/view.php?id=CVE-2020-4780
12 Oct 2020 — OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158. Los scripts de compilación de OOTB no establecen el atributo seguro en la cookie de sesión, lo que puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0,10. El propósito del atributo "secure" es impedir que las cookies s... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189158 • CWE-613: Insufficient Session Expiration •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4779
https://notcve.org/view.php?id=CVE-2020-4779
12 Oct 2020 — A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. Una vulnerabilidad de tipo Verb Tampering HTTP puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para omitir los controles de acces... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189157 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4778
https://notcve.org/view.php?id=CVE-2020-4778
12 Oct 2020 — IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156. IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, usa un algoritmo MD5 para el hash del token en una sola instancia, que es menos seguro que el algoritmo criptográfico predeterminado SHA-256 usado en toda la aplicación Cúram. IBM X-Force ID: 189156 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189156 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4776
https://notcve.org/view.php?id=CVE-2020-4776
12 Oct 2020 — A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154. Una vulnerabilidad de salto de ruta puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4775
https://notcve.org/view.php?id=CVE-2020-4775
12 Oct 2020 — A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user's device, restricted to a single location. IBM X-Force ID: 189153. Una vulnerabilidad de tipo cross-site scripting (XSS) puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10. Esta vulnerabilidad permite a atacantes inyectar scripts m... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •