CSRF Vulnerabilities in IBM Curam Social Program Management
CVE-2014-6090

Currently unrated

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 27 April 2015

What is CVE-2014-6090?

Multiple cross-site request forgery vulnerabilities exist in IBM Curam Social Program Management, specifically within the DataMappingEditorCommands, DatastoreEditorCommands, and IEGEditorCommands servlets. These security flaws allow remote attackers to exploit the system, potentially hijacking the authentication of users. When exploited, these vulnerabilities can enable an attacker to send malicious requests that may insert XSS sequences, posing a significant risk to data integrity and user security.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21697726

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2015
Vulnerability Reserved
Sep 2, 2014