Cross-Site Request Forgery Vulnerability in IBM Curam Social Program Management
CVE-2020-4942

6.5 MEDIUM

Key Information:

Vendor: IBM
Status: Vendor
CVE Published: 4 January 2021

Summary

IBM Curam Social Program Management versions 7.0.9 and 7.0.11 are susceptible to a Cross-Site Request Forgery (CSRF) attack. This vulnerability could enable attackers to perform unauthorized actions by exploiting the trust established between a web application and its users. An attacker could craft a malicious request that, when executed by a victim user, could lead to unintended modifications or data exposure, compromising the security of the web application and its users.

Affected Version(s)

Curam SPM 7.0.9

Curam SPM 7.0.11

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
