PT-2020-18240 · IBM · IBM Curam Social Program Management

Published: 2020-10-12 · Updated: 2021-07-21 · CVE-2020-4778

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Curam Social Program Management versions 7.0.9 through 7.0.10

Description

The issue concerns the use of the MD5 algorithm for hashing tokens in a single instance, which is considered less secure than the default SHA-256 cryptographic algorithm used throughout the application.

Recommendations

For versions 7.0.9 and 7.0.10, consider updating the hashing algorithm to SHA-256 to improve security. As a temporary workaround, restrict access to the affected instance to minimize the risk of exploitation.

Fix

Use of a Broken Cryptographic Algorithm


Weakness Enumeration

Related Identifiers

CVE-2020-4778

Affected Products

IBM Curam Social Program Management