Information Disclosure in IBM Curam Social Program Management
CVE-2016-8923
4.3 MEDIUM
Summary
IBM Curam Social Program Management versions 5.2, 6.0, and 7.0 are vulnerable to an information disclosure issue, allowing an authorized user to access sensitive information from a higher privileged user's profile, which they should not be able to view. This could lead to unauthorized exposure of personal data, necessitating prompt attention and mitigation measures.
Affected Version(s)
Curam Social Program Management 6.0.4, 6.0.5, 6.0, 5.2, 4.5, 6.0.3, 6.1, 5.2.6, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 7.0.0
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved