CVE-2018-1362 - IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow

CVE-2018-1362

Summary

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 within Citizen Portal could allow an authenticated user to withdraw other user's submitted applications from the system and possibly obtain privileges. IBM X-Force ID: 137380.

References

Vulnerable Configurations

cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:7.0.1:*:*:*:*:*:*:*

CVSS

Base:	6.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:P

refmap via4

confirm	http://www.ibm.com/support/docview.wss?uid=swg22012528
misc	https://exchange.xforce.ibmcloud.com/vulnerabilities/137380

Last major update

03-10-2019 - 00:03

Published

19-01-2018 - 14:29

Last modified

03-10-2019 - 00:03