Cross-Site Request Forgery Vulnerability in IBM Curam Social Program Management
CVE-2020-4942
6.5 MEDIUM
Summary
IBM Curam Social Program Management versions 7.0.9 and 7.0.11 are susceptible to a Cross-Site Request Forgery (CSRF) attack. This vulnerability could enable attackers to perform unauthorized actions by exploiting the trust established between a web application and its users. An attacker could craft a malicious request that, when executed by a victim user, could lead to unintended modifications or data exposure, compromising the security of the web application and its users.
Affected Version(s)
Curam SPM 7.0.9
Curam SPM 7.0.11
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved