Vulnerabilities > IBM > Curam Social Program Management

DATE CVE VULNERABILITY TITLE RISK
2022-06-20 CVE-2022-22317 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
7.5
7.5
2022-06-20 CVE-2022-22318 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 8.0.0/8.0.1
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
6.5
6.5
2022-04-11 CVE-2021-39068 Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.11.0/8.0.1
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2021-01-04 CVE-2020-4942 Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.11.0/7.0.9.0
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
6.8
2020-10-12 CVE-2020-4781 Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service.
network
low complexity
ibm CWE-20
4.0
4.0
2020-10-12 CVE-2020-4780 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10.
network
low complexity
ibm CWE-613
5.0
5.0
2020-10-12 CVE-2020-4779 Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-287
5.5
5.5
2020-10-12 CVE-2020-4778 Inadequate Encryption Strength vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application.
network
low complexity
ibm CWE-326
5.0
5.0
2020-10-12 CVE-2020-4776 Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.0
5.0
2020-10-12 CVE-2020-4775 Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
ibm CWE-79
3.5
3.5