CVE-2016-9979
- EPSS 0.26%
- Published 20.04.2017 21:59:01
- Last modified 20.04.2025 01:37:25
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...
CVE-2016-9978
- EPSS 0.2%
- Published 20.04.2017 21:59:01
- Last modified 20.04.2025 01:37:25
IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.
CVE-2016-8923
- EPSS 0.2%
- Published 20.04.2017 21:59:01
- Last modified 20.04.2025 01:37:25
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 11853...
CVE-2016-6111
- EPSS 0.41%
- Published 31.03.2017 18:59:00
- Last modified 20.04.2025 01:37:25
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive info...
CVE-2015-5023
- EPSS 0.13%
- Published 03.01.2016 05:59:04
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7402
- EPSS 0.17%
- Published 02.01.2016 05:59:05
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-6192
- EPSS 0.17%
- Published 25.05.2015 14:59:04
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HT...
- EPSS 0.53%
- Published 27.04.2015 11:59:02
- Last modified 12.04.2025 10:46:40
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, w...
CVE-2014-6090
- EPSS 0.1%
- Published 27.04.2015 11:59:00
- Last modified 12.04.2025 10:46:40
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0...
CVE-2014-4804
- EPSS 0.23%
- Published 14.02.2015 02:59:00
- Last modified 12.04.2025 10:46:40
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensit...