It may be possible for a remote attacker to access sensitive information about a user and associated data via a single page in IBM Curam Universal Access.
CVEID: CVE-2014-4804
It may be possible for a remote attacker to access sensitive information via a particular page in IBM Curam Universal Access. In the default configuration this is not possible; however, if the page has been customized to include SPI, then that SPI would be at risk.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95306 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cúram Social Program Management
5.2
6.0 SP2
6.0.4.5
6.0.5.4
6.0.5.5
Product | VRMF | Remediation/First Fix
---|---|---
Cúram SPM | 5.2 | Visit IBM Fix Central and upgrade to 5.2 SP6 EP6 or a later interim fix level.
Cúram SPM | 6.0 SP2 | Visit IBM Fix Central and upgrade to 6.0 SP2 EP26 or a later interim fix level.
Cúram SPM | 6.0.4.5 | Visit IBM Fix Central and upgrade to 6.0.4.5 iFix007 or a later interim fix level.
Cúram SPM | 6.0.5.4 | Visit IBM Fix Central and upgrade to 6.0.5.4 iFix005 or a later interim fix level.
Cúram SPM | 6.0.5.5 | Visit IBM Fix Central and upgrade to 6.0.5.5 iFix 003 or a later interim fix level.