CVE-2020-4942
https://notcve.org/view.php?id=CVE-2020-4942
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/191942 https://www.ibm.com/support/pages/node/6395108
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-4781
https://notcve.org/view.php?id=CVE-2020-4781
Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/189159 https://www.ibm.com/support/pages/node/6346585
• CWE-20: Improper Input Validation
CVE-2020-4780
https://notcve.org/view.php?id=CVE-2020-4780
OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM X-Force ID: 189158.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/189158 https://www.ibm.com/support/pages/node/6346581
• CWE-613: Insufficient Session Expiration
CVE-2020-4779
https://notcve.org/view.php?id=CVE-2020-4779
An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/189157 https://www.ibm.com/support/pages/node/6346579
• CWE-287: Improper Authentication
CVE-2020-4778
https://notcve.org/view.php?id=CVE-2020-4778
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/189156 https://www.ibm.com/support/pages/node/6346575
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm