IBM Universal Access contains a page where internal caseworker usernames are exposed as part of a URL. This information could be used in subsequent attacks against that particular user, e.g. to cause account lockout.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95723 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM Cúram Social Program Management (SPM) V6.0 SP2
Cúram SPM 6.0.4
Cúram SPM 6.0.5
NOTE: 6.0.5.5a is not affected
Product VRMF Remediation/First Fix
Cúram SPM 6.0.5 Visit IBM Fix Central and upgrade to 6.0.5.5 iFix5 or a subsequent 6.0.5 release.
Cúram SPM 6.0.4 Visit IBM Fix Central and upgrade to 6.0.4.6 or a subsequent 6.0.4 release.
Cúram SPM 6.0 SP2 Visit IBM Fix Central and upgrade to 6.0 SP2 EP26 or a subsequent 6.0 SP2 release.