IBM

Curam Social Program Management

46 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.26%
  • Published 20.04.2017 21:59:01
  • Last modified 20.04.2025 01:37:25

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...

  • EPSS 0.2%
  • Published 20.04.2017 21:59:01
  • Last modified 20.04.2025 01:37:25

IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.

  • EPSS 0.2%
  • Published 20.04.2017 21:59:01
  • Last modified 20.04.2025 01:37:25

IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 11853...

  • EPSS 0.41%
  • Published 31.03.2017 18:59:00
  • Last modified 20.04.2025 01:37:25

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive info...

  • EPSS 0.13%
  • Published 03.01.2016 05:59:04
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • EPSS 0.17%
  • Published 02.01.2016 05:59:05
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • EPSS 0.17%
  • Published 25.05.2015 14:59:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HT...

  • EPSS 0.53%
  • Published 27.04.2015 11:59:02
  • Last modified 12.04.2025 10:46:40

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, w...

  • EPSS 0.1%
  • Published 27.04.2015 11:59:00
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0...

  • EPSS 0.23%
  • Published 14.02.2015 02:59:00
  • Last modified 12.04.2025 10:46:40

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensit...