Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2740AB4D54C08908FB6B276E9D3106F5591A8028699951B603BD63F09AE63D3C
HistoryNov 25, 2021 - 5:06 p.m.

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

2021-11-2517:06:40
www.ibm.com
17

0.005 Low

EPSS

Percentile

77.0%

JSON

Summary

IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component.

Vulnerability Details

CVEID:CVE-2018-15494
**DESCRIPTION:**Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Curam SPM 8.0.0
Curam SPM 7.0.11

Remediation/Fixes

Product VRMF Remediation/First Fix
Cúram SPM

8.0.1

| Visit IBM Fix Central and upgrade to 8.0.1 or a subsequent 8.0.1 release.
Cúram SPM|

7.0.11

| Visit IBM Fix Central and upgrade to 7.0.11_iFix6 or a subsequent 7.0.11 release.

Workarounds and Mitigations

For information about all other versions, contact IBM Cúram Social Program Management customer support.

CPENameOperatorVersion
curam spmeq8.0.0
curam spmeq7.0.11

Related

openvas 1
ubuntucve 1
ibm 30
cvelist 1
redhatcve 1
osv 3
veracode 1
cve 1
debian 1
debiancve 1
prion 1
nvd 1
github 1
packetstorm 1
nessus 1
zdt 1
openvas
openvas
Debian: Security Advisory (DLA-1492-1)
2018-09-03 00:00:00
ubuntucve
ubuntucve
CVE-2018-15494
2018-08-18 00:00:00
ibm
ibm
Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)
2019-10-28 16:30:15
Security Bulletin: Potential vulnerability in Dojo affect IBM Operations Analytics - Log Analysis (CVE-2018-15494)
2022-11-07 11:12:59
Security Bulletin: A Security vulnerability found in Dojo Toolkit which is shipped with IBM Security Identity Management product (CVE-2018-15494)
2022-10-11 18:54:36
cvelist
cvelist
CVE-2018-15494
2018-08-18 02:00:00
redhatcve
redhatcve
CVE-2018-15494
2018-08-23 05:54:01
osv
osv
CVE-2018-15494
2018-08-18 02:29:01
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
dojo - security update
2018-09-03 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-08-20 07:17:16
cve
cve
CVE-2018-15494
2018-08-18 02:29:01
debian
debian
[SECURITY] [DLA 1492-1] dojo security update
2018-09-03 08:06:10
debiancve
debiancve
CVE-2018-15494
2018-08-18 02:29:01
prion
prion
Sql injection
2018-08-18 02:29:00
nvd
nvd
CVE-2018-15494
2018-08-18 02:29:01
github
github
dojox vulnerable to unescaped string injection
2018-10-15 22:03:48
packetstorm
packetstorm
Dojo Toolkit 1.13 Cross Site Scripting
2018-08-27 00:00:00
nessus
nessus
Debian DLA-1492-1 : dojo security update
2018-09-04 00:00:00
zdt
zdt
Dojo Toolkit 1.13 Cross Site Scripting Vulnerability
2018-08-28 00:00:00

0.005 Low

EPSS

Percentile

77.0%

JSON
Related for 2740AB4D54C08908FB6B276E9D3106F5591A8028699951B603BD63F09AE63D3C
openvas1ubuntucve1ibm30cvelist1redhatcve1osv3veracode1cve1debian1debiancve1prion1nvd1github1packetstorm1nessus1zdt1