CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22318
https://notcve.org/view.php?id=CVE-2022-22318
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro usuario en el sistema • https://exchange.xforce.ibmcloud.com/vulnerabilities/218283 https://www.ibm.com/support/pages/node/6596049 • CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22317
https://notcve.org/view.php?id=CVE-2022-22317
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. IBM Curam Social Program Management versiones 8.0.0 y 8.0.1, no invalida la sesión tras el cierre de sesión, lo que podría permitir a un usuario autenticado hacerse pasar por otro en el sistema. IBM X-Force ID: 218281 • https://exchange.xforce.ibmcloud.com/vulnerabilities/218281 https://www.ibm.com/support/pages/node/6596049 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39068
https://notcve.org/view.php?id=CVE-2021-39068
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306. IBM Curam Social Program Management versiones 8.0.1 y 7.0.11, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario de la Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/215306 https://www.ibm.com/support/pages/node/6570589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4942
https://notcve.org/view.php?id=CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942. IBM Curam Social Program Management versiones 7.0.9 y 7.0.11, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que el sitio web confía. IBM X-Force ID: 191942. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 https://www.ibm.com/support/pages/node/6395108 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4781
https://notcve.org/view.php?id=CVE-2020-4781
An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. Una comprobación de entrada inapropiada antes de llamar a un método readLine() de java puede impactar a IBM Curam Social Program Management versiones 7.0.9 y 7.0.10, lo que podría resultar en una denegación de servicio. IBM X-Force ID: 189159 • https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 https://www.ibm.com/support/pages/node/6346585 • CWE-20: Improper Input Validation •