XPath Vulnerability in IBM Curam Social Program Management
CVE-2020-4774

5.4 MEDIUM

Key Information:

Vendor: IBM
Status: Vendor
CVE Published: 12 October 2020

Summary

An XPath vulnerability exists in IBM Curam Social Program Management versions 7.0.9 and 7.0.10, stemming from inadequate input validation. A remote attacker could exploit this flaw by submitting specially crafted input. Successful exploitation may lead to unauthorized access to or exposure of sensitive information, including the structure and content of XML documents. Organizations using affected versions should ensure thorough security measures are in place.

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.10

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved