PT-2015-3779 · IBM · IBM Curam Social Program Management

Published 2015-02-14 · Updated 2017-08-29 · CVE-2014-4804

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Curam Social Program Management versions 5.2 before SP6 EP6
IBM Curam Social Program Management versions 6.0 SP2 before EP26
IBM Curam Social Program Management versions 6.0.4.5 before iFix007
IBM Curam Social Program Management versions 6.0.5.4 before iFix005
IBM Curam Social Program Management versions 6.0.5.5 before iFix003

Description

The issue allows remote attackers to obtain sensitive user data by visiting an unspecified page when SPI inclusion is enabled.

Recommendations

For version 5.2, update to at least SP6 EP6.
For version 6.0 SP2, update to at least EP26.
For version 6.0.4.5, apply iFix007.
For version 6.0.5.4, apply iFix005.
For version 6.0.5.5, apply iFix003.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2014-4804

Affected Products

IBM Curam Social Program Management