Lucene search

IbmCVELIST:CVE-2020-4774

HistoryOct 12, 2020 - 1:05 p.m.

CVE-2020-4774

2020-10-1213:05:37

ibm

www.cve.org

ibm curam social program management

xpath vulnerability

unauthorized access

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152.

CNA Affected

[
  {
    "product": "Curam SPM",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.9"
      },
      {
        "status": "affected",
        "version": "7.0.10"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/189152

www.ibm.com/support/pages/node/6346595

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

41.0%

JSON

Related for CVELIST:CVE-2020-4774