CVE-2014-6090

Currently unrated

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 27 April 2015

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and 6.0.5 before 6.0.5.6 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21697726

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 27, 2015
Vulnerability Reserved
Sep 2, 2014