Cross-Site Request Forgery Vulnerability in IBM Cram Social Program Management
CVE-2018-2001

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Cram Social Program Management
Vendor: CVE Published:; 3 May 2019

Summary

IBM Cram Social Program Management versions 6.1.1, 6.2.0, 7.0.4, and 7.0.5 are susceptible to a cross-site request forgery vulnerability. This security issue allows attackers to perform malicious actions by exploiting the trust that the application has in authenticated users. By sending crafted requests, an attacker can manipulate actions without proper authorization, posing significant risks to user data and system integrity.

Affected Version(s)

Cram Social Program Management 7.0.5

Cram Social Program Management 7.0.4

Cram Social Program Management 6.2.0

References

https://www.ibm.com/support/docview.wss?uid=ibm10883184

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/154891

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2019
Vulnerability Reserved
Dec 13, 2017