CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2001
https://notcve.org/view.php?id=CVE-2018-2001
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. IBM Cram Social Program Management, versiones 6.1.1, 6.2.0, 7.0.4 y 7.0.5, es vulnerable a ataques CSRF, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. IBM X-Force ID: 154891. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 https://www.ibm.com/support/docview.wss?uid=ibm10883184 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1900
https://notcve.org/view.php?id=CVE-2018-1900
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1 y 7.0.3 es vulnerable a ataques Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106189 https://exchange.xforce.ibmcloud.com/vulnerabilities/152529 https://www.ibm.com/support/docview.wss?uid=ibm10739035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1654
https://notcve.org/view.php?id=CVE-2018-1654
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747. IBM Curam Social Program Management, en sus versiones 6.0.5, 6.1.1, 6.2.0, 7.0.1, y 7.0.3, podría permitir a un atacante remoto llevar a cabo ataques de phishing, empleando un ataque de redirección abierta. • http://www.securityfocus.com/bid/106187 https://exchange.xforce.ibmcloud.com/vulnerabilities/144747 https://www.ibm.com/support/docview.wss?uid=ibm10739027 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7401
https://notcve.org/view.php?id=CVE-2015-7401
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. IBM X-Force ID: 107106. Las versiones 6.1.x de IBM Curam Social Program Management anteriores a la 6.1.1.1 permiten que usuarios autenticados remotos omitan restricciones de acceso previstas y obtengan información de documentos de carácter sensible adivinando el identificador del documento. IBM X-Force ID: 107106. • http://www-01.ibm.com/support/docview.wss?uid=swg21977425 https://exchange.xforce.ibmcloud.com/vulnerabilities/107106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0261
https://notcve.org/view.php?id=CVE-2016-0261
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604. Vulnerabilidad de Cross-Site Scripting (XSS) en IBM Curam Social Program Management, en versiones 6.0.0 anteriores a SP2 EP29; versiones 6.0.4 anteriores a la 6.0.4.6 iFix3; versiones 6.0.5 anteriores a la 6.0.5.9 iFix2; versiones 6.1.0 anteriores a la la 6.1.01 iFix1 y IBM Care Management 6.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. IBM X-Force ID: 110604. • http://www-01.ibm.com/support/docview.wss?uid=swg21981103 https://exchange.xforce.ibmcloud.com/vulnerabilities/110604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •