CVE-2014-4804

Name of the Vulnerable Software and Affected Versions IBM Curam Social Program Management versions 5.2 before SP6 EP6 IBM Curam Social Program Management versions 6.0 SP2 before EP26 IBM Curam Social Program Management versions 6.0.4.5 before iFix007 IBM Curam Social Program Management versions 6.0.5.4 before iFix005 IBM Curam Social Program Management versions 6.0.5.5 before iFix003

Description The issue allows remote attackers to obtain sensitive user data by visiting an unspecified page when SPI inclusion is enabled.

Recommendations For version 5.2, update to at least SP6 EP6. For version 6.0 SP2, update to at least EP26. For version 6.0.4.5, apply iFix007. For version 6.0.5.4, apply iFix005. For version 6.0.5.5, apply iFix003.