Vulnerabilities > IBM > Curam Social Program Management > 7.0.9.0

DATE CVE VULNERABILITY TITLE RISK
2021-01-04 CVE-2020-4942 Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.11.0/7.0.9.0
IBM Curam Social Program Management 7.0.9 and 7.0.11 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
ibm CWE-352
6.8
2020-10-12 CVE-2020-4781 Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service.
network
low complexity
ibm CWE-20
4.0
2020-10-12 CVE-2020-4780 Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
The OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-613
5.0
2020-10-12 CVE-2020-4779 Improper Authentication vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
An HTTP verb tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-287
5.5
2020-10-12 CVE-2020-4778 Inadequate Encryption Strength vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
IBM Curam Social Program Management 7.0.9 and 7.0.10 use the MD5 algorithm for hashing a token in a single instance, which is less safe than the default SHA-256 cryptographic algorithm used throughout the Cúram application.
network
low complexity
ibm CWE-326
5.0
2020-10-12 CVE-2020-4776 Path Traversal vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
5.0
2020-10-12 CVE-2020-4775 Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
ibm CWE-79
3.5
2020-10-12 CVE-2020-4774 Injection vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input.
network
low complexity
ibm CWE-74
5.5
2020-10-12 CVE-2020-4773 Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated.
network
ibm CWE-352
4.3
2020-10-12 CVE-2020-4772 XXE vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10.
network
low complexity
ibm CWE-611
5.5