Vulnerability Name: | CVE-2018-1362 (CCN-137380) | ||||||||||||
Assigned: | 2017-12-13 | ||||||||||||
Published: | 2018-01-12 | ||||||||||||
Updated: | 2019-10-03 | ||||||||||||
Summary: | IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380. | ||||||||||||
CVSS v3 Severity: | 5.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L) 4.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
4.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-1362 Source: CCN Type: IBM Security Bulletin 2012528 (Cram Social Program Management) Fix available for Insecure Direct Object Reference in IBM Cram Social Program Management (CVE-2018-1362) Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg22012528 Source: MISC Type: VDB Entry, Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/137380 Source: XF Type: UNKNOWN ibm-curam-cve20181362-priv-escalation(137380) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
BACK |