IBM Cúram Social Program Management is vulnerable to a SQL Injection attack. The attacker must already be authenticated and have access to the console.
CVEID: CVE-2015-5023
DESCRIPTION: IBM Cúram Social Program Management is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106519 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
IBM Cúram Social Program Management 6.1
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| Cúram SPM | 6.1 | Visit IBM Fix Central and upgrade to 6.1.1 |
None