Vulnerabilities > IBM > Curam Social Program Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-20 | CVE-2022-22317 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1: IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | 9.8 |
2022-06-20 | CVE-2022-22318 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1: IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | 9.8 |
2022-04-11 | CVE-2021-39068 | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.11.0/8.0.1: IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. | 5.4 |
2021-01-04 | CVE-2020-4942 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.11.0/7.0.9.0: IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2020-10-12 | CVE-2020-4781 | Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. | 6.5 |
2020-10-12 | CVE-2020-4780 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.3 |
2020-10-12 | CVE-2020-4779 | Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: An HTTP verb tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 8.1 |
2020-10-12 | CVE-2020-4778 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: IBM Curam Social Program Management 7.0.9 and 7.0.10 uses the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application. | 7.5 |
2020-10-12 | CVE-2020-4776 | Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. | 7.5 |
2020-10-12 | CVE-2020-4775 | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.4 |