Vulnerabilities > IBM > Curam Social Program Management > 6.1.1.0

DATE CVE VULNERABILITY TITLE RISK
2019-05-07 CVE-2018-2001 Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
6.8
2018-12-11 CVE-2018-1900 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-12-11 CVE-2018-1654 Open Redirect vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
5.8
2018-03-26 CVE-2015-7401 Information Exposure vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id.
network
low complexity
ibm CWE-200
4.0
4.0
2018-03-12 CVE-2016-0261 Cross-site Scripting vulnerability in IBM Care Management and Curam Social Program Management
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
3.5
2018-01-19 CVE-2018-1362 Unspecified vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges.
network
ibm
6.0
6.0
2018-01-11 CVE-2017-1740 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-01-11 CVE-2017-1739 Cross-site Scripting vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2017-08-29 CVE-2017-1195 Open Redirect vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
5.8
2017-08-29 CVE-2017-1110 Information Exposure vulnerability in IBM Curam Social Program Management
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user.
network
low complexity
ibm CWE-200
4.0
4.0