CVE-2022-22318
- EPSS 0.11%
- Published 20.06.2022 17:15:08
- Last modified 21.11.2024 06:46:37
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2022-22317
- EPSS 0.11%
- Published 20.06.2022 17:15:08
- Last modified 21.11.2024 06:46:37
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
CVE-2021-39068
- EPSS 0.22%
- Published 11.04.2022 19:15:08
- Last modified 21.11.2024 06:18:32
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials d...
CVE-2020-4942
- EPSS 0.11%
- Published 04.01.2021 14:15:14
- Last modified 21.11.2024 05:33:27
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.
CVE-2020-4781
- EPSS 0.2%
- Published 12.10.2020 13:15:13
- Last modified 21.11.2024 05:33:14
Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159.
CVE-2020-4780
- EPSS 0.12%
- Published 12.10.2020 13:15:13
- Last modified 21.11.2024 05:33:14
OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. The purpose of the 'secure' attribute is to prevent cookies from being observed by unauthorized parties. IBM...
CVE-2020-4779
- EPSS 0.13%
- Published 12.10.2020 13:15:13
- Last modified 21.11.2024 05:33:14
An HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.
CVE-2020-4778
- EPSS 0.1%
- Published 12.10.2020 13:15:13
- Last modified 21.11.2024 05:33:14
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156.
CVE-2020-4774
- EPSS 0.11%
- Published 12.10.2020 13:15:12
- Last modified 21.11.2024 05:33:14
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unautho...
CVE-2020-4772
- EPSS 0.54%
- Published 12.10.2020 13:15:12
- Last modified 21.11.2024 05:33:13
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery o...