XPath Vulnerability in IBM Curam Social Program Management
CVE-2020-4774
5.4 MEDIUM
Summary
An XPath vulnerability exists within IBM Curam Social Program Management versions 7.0.9 and 7.0.10, stemming from inadequate input validation. This flaw could be exploited by a remote attacker through the submission of specially-crafted input. Successful exploitation may lead to unauthorized access or exposure of sensitive information, including the structure and content of XML documents. Organizations utilizing affected versions should ensure thorough security measures are in place.
Affected Version(s)
Curam SPM 7.0.9
Curam SPM 7.0.10
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved