Search
Find a vulnerability
Search criteria
16 vulnerabilities found for Cram Social Program Management by IBM
CVE-2018-2001 (GCVE-0-2018-2001)
Vulnerability from nvd – Published: 2019-05-07 18:35 – Updated: 2024-09-17 03:58
VLAI
Summary
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
Severity
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10883184 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
7.0.5
Affected: 7.0.4 Affected: 6.2.0 Affected: 6.1.1 |
Date Public
2019-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.1.1"
}
]
}
],
"datePublic": "2019-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/UI:R/S:U/PR:N/C:N/I:L/AV:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T18:35:20.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-03T00:00:00",
"ID": "CVE-2018-2001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "7.0.5"
},
{
"version_value": "7.0.4"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10883184",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 883184 (Cram Social Program Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-2001",
"datePublished": "2019-05-07T18:35:20.747Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:58:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1362 (GCVE-0-2018-1362)
Vulnerability from nvd – Published: 2018-01-19 14:00 – Updated: 2024-09-16 19:30
VLAI
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.
Severity
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012528 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.5
Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.1 |
Date Public
2018-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2018-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-19T13:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-12T00:00:00",
"ID": "CVE-2018-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012528",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012528"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1362",
"datePublished": "2018-01-19T14:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:47.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1740 (GCVE-0-2017-1740)
Vulnerability from nvd – Published: 2018-01-11 17:00 – Updated: 2024-09-16 19:47
VLAI
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012372 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| http://www.securityfocus.com/bid/102498 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.5
Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.1 Affected: 7.0.2 |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012372"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922"
},
{
"name": "102498",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-13T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012372"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922"
},
{
"name": "102498",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-1740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012372",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012372"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922"
},
{
"name": "102498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1740",
"datePublished": "2018-01-11T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:47:27.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1739 (GCVE-0-2017-1739)
Vulnerability from nvd – Published: 2018-01-11 17:00 – Updated: 2024-09-17 03:13
VLAI
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102492 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg22012366 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.5
Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.1 |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "102492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-1739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102492"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012366",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012366"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1739",
"datePublished": "2018-01-11T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:13:43.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1195 (GCVE-0-2017-1195)
Vulnerability from nvd – Published: 2017-08-29 21:00 – Updated: 2024-09-16 16:52
VLAI
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.
Severity
No CVSS data available.
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22007160 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T20:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007160",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007160"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1195",
"datePublished": "2017-08-29T21:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:52:56.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1110 (GCVE-0-2017-1110)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-09-16 21:08
VLAI
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22007161 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007161"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007161"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2017-1110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007161",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007161"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1110",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:08:05.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9732 (GCVE-0-2016-9732)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-09-16 16:53
VLAI
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22007156 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2016-9732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007156",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9732",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:10.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1106 (GCVE-0-2017-1106)
Vulnerability from nvd – Published: 2017-06-28 18:00 – Updated: 2024-09-16 18:07
VLAI
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99306 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg22004580 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.0 Affected: 5.2 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-29T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "99306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-26T00:00:00",
"ID": "CVE-2017-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0"
},
{
"version_value": "5.2"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99306"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004580",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1106",
"datePublished": "2017-06-28T18:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:07:51.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2001 (GCVE-0-2018-2001)
Vulnerability from cvelistv5 – Published: 2019-05-07 18:35 – Updated: 2024-09-17 03:58
VLAI
Summary
IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
Severity
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/docview.wss?uid=ibm10883184 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
7.0.5
Affected: 7.0.4 Affected: 6.2.0 Affected: 6.1.1 |
Date Public
2019-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.1.1"
}
]
}
],
"datePublic": "2019-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/UI:R/S:U/PR:N/C:N/I:L/AV:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T18:35:20.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-05-03T00:00:00",
"ID": "CVE-2018-2001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "7.0.5"
},
{
"version_value": "7.0.4"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10883184",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 883184 (Cram Social Program Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-2001",
"datePublished": "2019-05-07T18:35:20.747Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:58:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1362 (GCVE-0-2018-1362)
Vulnerability from cvelistv5 – Published: 2018-01-19 14:00 – Updated: 2024-09-16 19:30
VLAI
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.
Severity
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012528 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.5
Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.1 |
Date Public
2018-01-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2018-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-19T13:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-12T00:00:00",
"ID": "CVE-2018-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user\u0027s submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012528",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012528"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/137380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1362",
"datePublished": "2018-01-19T14:00:00.000Z",
"dateReserved": "2017-12-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:47.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1740 (GCVE-0-2017-1740)
Vulnerability from cvelistv5 – Published: 2018-01-11 17:00 – Updated: 2024-09-16 19:47
VLAI
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22012372 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| http://www.securityfocus.com/bid/102498 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.5
Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.1 Affected: 7.0.2 |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012372"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922"
},
{
"name": "102498",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-13T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012372"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922"
},
{
"name": "102498",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-1740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.1"
},
{
"version_value": "7.0.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012372",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012372"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134922"
},
{
"name": "102498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1740",
"datePublished": "2018-01-11T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:47:27.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1739 (GCVE-0-2017-1739)
Vulnerability from cvelistv5 – Published: 2018-01-11 17:00 – Updated: 2024-09-17 03:13
VLAI
Summary
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102492 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg22012366 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.5
Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.1 |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.1"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T10:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "102492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-1739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102492"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012366",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012366"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1739",
"datePublished": "2018-01-11T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:13:43.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1195 (GCVE-0-2017-1195)
Vulnerability from cvelistv5 – Published: 2017-08-29 21:00 – Updated: 2024-09-16 16:52
VLAI
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670.
Severity
No CVSS data available.
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22007160 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-08-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-08-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T20:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2017-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007160",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007160"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123670"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1195",
"datePublished": "2017-08-29T21:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:52:56.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1110 (GCVE-0-2017-1110)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-09-16 21:08
VLAI
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22007161 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007161"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007161"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2017-1110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007161",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007161"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1110",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:08:05.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9732 (GCVE-0-2016-9732)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-09-16 16:53
VLAI
Summary
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| http://www.ibm.com/support/docview.wss?uid=swg22007156 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-08-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-08-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2016-9732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119761"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22007156",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22007156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9732",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:10.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1106 (GCVE-0-2017-1106)
Vulnerability from cvelistv5 – Published: 2017-06-28 18:00 – Updated: 2024-09-16 18:07
VLAI
Summary
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/99306 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg22004580 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cram Social Program Management |
Affected:
6.0.4
Affected: 6.0.5 Affected: 6.0 Affected: 5.2 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.2.0 Affected: 7.0.0 |
Date Public
2017-06-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99306",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cram Social Program Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"datePublic": "2017-06-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-29T09:57:01.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "99306",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-06-26T00:00:00",
"ID": "CVE-2017-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cram Social Program Management",
"version": {
"version_data": [
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0"
},
{
"version_value": "5.2"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.2.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99306"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004580",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004580"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1106",
"datePublished": "2017-06-28T18:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:07:51.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}