CVE-2014-6092

Name of the Vulnerable Software and Affected Versions IBM Curam Social Program Management (SPM) versions 5.2 through 5.2 before SP6 EP6 IBM Curam Social Program Management (SPM) versions 6.0 SP2 through 6.0 SP2 before EP26 IBM Curam Social Program Management (SPM) versions 6.0.4 through 6.0.4 before 6.0.4.6 IBM Curam Social Program Management (SPM) versions 6.0.5 through 6.0.5 before 6.0.5.6

Description The issue makes it easier for remote attackers to cause a denial of service by making many login attempts with a valid caseworker account name, due to the lack of proper failed-login handling for web-service accounts.

Recommendations For versions 5.2 through 5.2 before SP6 EP6, update to at least SP6 EP6 to resolve the issue. For versions 6.0 SP2 through 6.0 SP2 before EP26, update to at least EP26 to resolve the issue. For versions 6.0.4 through 6.0.4 before 6.0.4.6, update to at least 6.0.4.6 to resolve the issue. For versions 6.0.5 through 6.0.5 before 6.0.5.6, update to at least 6.0.5.6 to resolve the issue.