Token Hashing Vulnerability in IBM Curam Social Program Management
CVE-2020-4778
5.9MEDIUM
Summary
IBM Curam Social Program Management versions 7.0.9 and 7.0.10 utilize the MD5 algorithm for hashing tokens, which is deemed less secure compared to the SHA-256 cryptographic standard employed throughout the application. This inconsistency in hashing methods raises potential security concerns, as MD5 is susceptible to vulnerabilities that could be exploited, compromising the integrity and safety of the token-based authentication process.
Affected Version(s)
Curam SPM 7.0.9
Curam SPM 7.0.10
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved