Token Hashing Vulnerability in IBM Curam Social Program Management
CVE-2020-4778

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
12 October 2020

Summary

IBM Curam Social Program Management versions 7.0.9 and 7.0.10 utilize the MD5 algorithm for hashing tokens, which is deemed less secure compared to the SHA-256 cryptographic standard employed throughout the application. This inconsistency in hashing methods raises potential security concerns, as MD5 is susceptible to vulnerabilities that could be exploited, compromising the integrity and safety of the token-based authentication process.

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.10

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.