Vulnerabilities > IBM > Curam Social Program Management > 6.0

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-12	CVE-2016-0261	Cross-site Scripting vulnerability in IBM Care Management and Curam Social Program Management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network ibm CWE-79	3.5
2017-09-19	CVE-2014-6191	Cross-site Scripting vulnerability in IBM Curam Social Program Management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network ibm CWE-79	3.5
2017-08-02	CVE-2014-8903	Command Injection vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. network low complexity ibm CWE-77	6.5
2017-06-28	CVE-2017-1106	Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. network ibm CWE-79	3.5
2017-06-08	CVE-2014-4843	Improperly Implemented Security Check for Standard vulnerability in IBM Curam Social Program Management Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. network low complexity ibm CWE-358	5.0
2017-04-20	CVE-2016-9980	Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. network ibm CWE-79	3.5
2017-04-20	CVE-2016-9978	Information Exposure vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. network low complexity ibm CWE-200	4.0
2017-04-20	CVE-2016-8923	Information Exposure vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. network low complexity ibm CWE-200	4.0
2017-03-31	CVE-2016-6111	XXE vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. network low complexity ibm CWE-611	8.5
2016-01-03	CVE-2015-5023	SQL Injection vulnerability in IBM Curam Social Program Management SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. network low complexity ibm CWE-89	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.