Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe

Filtered by product Curam Social Program Management

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-22317	5 Hp, Ibm, Linux and 2 more	7 Hp-ux, Aix, Curam Social Program Management and 4 more	2022-06-28	7.5 HIGH	9.8 CRITICAL
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
CVE-2022-22318	5 Hp, Ibm, Linux and 2 more	7 Hp-ux, Aix, Curam Social Program Management and 4 more	2022-06-28	6.5 MEDIUM	9.8 CRITICAL
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2016-6111	1 Ibm	1 Curam Social Program Management	2017-04-04	8.5 HIGH	9.1 CRITICAL
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.