Vulnerabilities > IBM > Curam Social Program Management > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-11 | CVE-2021-39068 | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.11.0/8.0.1: IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. | 5.4 |
2020-10-12 | CVE-2020-4781 | Improper Input Validation vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: Improper input validation before calling the Java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. | 6.5 |
2020-10-12 | CVE-2020-4780 | Insufficient Session Expiration vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: OOTB build scripts do not set the secure attribute on the session cookie, which may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.3 |
2020-10-12 | CVE-2020-4775 | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. | 5.4 |
2020-10-12 | CVE-2020-4774 | XML Injection (aka Blind XPath Injection) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. | 5.4 |
2020-10-12 | CVE-2020-4773 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Curam Social Program Management 7.0.10.0/7.0.9.0: A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. | 6.5 |
2018-12-11 | CVE-2018-1900 | Cross-site Scripting vulnerability in IBM Curam Social Program Management: IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. | 5.4 |
2018-12-11 | CVE-2018-1654 | Open Redirect vulnerability in IBM Curam Social Program Management: IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
2018-12-10 | CVE-2018-1671 | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.3.0: IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. | 6.1 |
2018-03-26 | CVE-2015-7401 | Information Exposure vulnerability in IBM Curam Social Program Management: IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive document information by guessing the document id. | 4.3 |