Ibm Curam Social Program Management — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Curam Social Program Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2022-22317 — CVSS 9.8 (critical): IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to…
CVE-2022-22318 — CVSS 9.8 (critical): IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to…
CVE-2016-6111 — CVSS 9.1 (critical): IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE)…
CVE-2014-8903 — CVSS 8.8 (high): IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated…
CVE-2020-4942 — CVSS 8.8 (high): IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute…
CVE-2020-4779 — CVSS 8.1 (high): A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted…
CVE-2020-4772 — CVSS 8.1 (high): An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker…
CVE-2020-4776 — CVSS 7.5 (high): A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to…
CVE-2020-4778 — CVSS 7.5 (high): IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default…
CVE-2018-1654 — CVSS 6.8 (medium): IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using…
CVE-2014-6090 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3)…
CVE-2017-1110 — CVSS 6.5 (medium): IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to…
CVE-2020-4773 — CVSS 6.5 (medium): A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that…
CVE-2020-4781 — CVSS 6.5 (medium): An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which…
CVE-2017-1195 — CVSS 6.1 (medium): IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open…
CVE-2018-1671 — CVSS 6.1 (medium): IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when…
CVE-2018-1900 — CVSS 5.4 (medium): IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2021-39068 — CVSS 5.4 (medium): IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2014-6191 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject…
CVE-2015-5023 — CVSS 5.4 (medium): SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary…
CVE-2015-7402 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to…
CVE-2016-0261 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5…
CVE-2016-9732 — CVSS 5.4 (medium): IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2020-4775 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows…
CVE-2016-9979 — CVSS 5.4 (medium): IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2016-9980 — CVSS 5.4 (medium): IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2017-1106 — CVSS 5.4 (medium): IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2017-1739 — CVSS 5.4 (medium): IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users…
CVE-2017-1740 — CVSS 5.4 (medium): IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows…
CVE-2020-4774 — CVSS 5.4 (medium): An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied…
CVE-2020-4780 — CVSS 5.3 (medium): OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and…
CVE-2014-4843 — CVSS 5.3 (medium): Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5…
CVE-2018-1362 — CVSS 5.0 (medium): IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw…
CVE-2014-6092 — CVSS 5.0 (medium): IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires…
CVE-2014-4804 — CVSS 4.3 (medium): Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4…
CVE-2015-7401 — CVSS 4.3 (medium): IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass intended access restrictions and…
CVE-2016-9978 — CVSS 4.3 (medium): IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force…
CVE-2016-8923 — CVSS 4.3 (medium): IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive…
CVE-2018-2001 — CVSS 4.3 (medium): IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker…
CVE-2014-3096 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject…
CVE-2014-3069 — CVSS 3.5 (low): Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when…
CVE-2014-3013 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote…
CVE-2014-3012 — CVSS 3.5 (low): Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to…
CVE-2014-6192 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5…
CVE-2014-6091 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote…
CVE-2014-4803 — CVSS 3.5 (low): CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4…