SQL Injection Vulnerability in IBM Curam Social Program Management
CVE-2015-5023

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Curam Social Program Management
Vendor: CVE Published:; 3 January 2016

Summary

An SQL injection vulnerability exists in IBM Curam Social Program Management versions prior to 6.1.1. This flaw allows remote authenticated users to manipulate SQL queries by executing arbitrary commands through unspecified vectors, potentially leading to unauthorized data exposure or database modification. Organizations using affected versions should prioritize patching to mitigate security risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21967851

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2016
Vulnerability Reserved
Jun 24, 2015