
CVE-2018-2001
https://notcve.org/view.php?id=CVE-2018-2001
07 May 2019 — IBM Curam Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154891 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2018-1654
https://notcve.org/view.php?id=CVE-2018-1654
11 Dec 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: ... • http://www.securityfocus.com/bid/106187 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVE-2018-1900
https://notcve.org/view.php?id=CVE-2018-1900
11 Dec 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152529. • http://www.securityfocus.com/bid/106189 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-1739
https://notcve.org/view.php?id=CVE-2017-1739
11 Jan 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921. • http://www.ibm.com/support/docview.wss?uid=swg22012366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-1740
https://notcve.org/view.php?id=CVE-2017-1740
11 Jan 2018 — IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922. • http://www.ibm.com/support/docview.wss?uid=swg22012372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •