Cross-Site Scripting Vulnerability in IBM Curam Social Program Management
CVE-2020-4775

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Curam Spm
Vendor: CVE Published:; 12 October 2020

Summary

A cross-site scripting vulnerability exists in IBM Curam Social Program Management versions 7.0.9 and 7.0.10. This flaw allows attackers to inject malicious scripts into web applications, which could enable them to execute unwanted actions on the affected user's device. The attack is confined to a specific location, posing significant risks to users' data and overall application integrity. For comprehensive information and mitigation strategies, refer to IBM's support documentation and vulnerability reports.

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.10

References

https://www.ibm.com/support/pages/node/6346571

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/189153

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 12, 2020
Vulnerability Reserved
Dec 30, 2019