Description
Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95306
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21695931
Scores
EPSS
0.0107
EPSS Percentile
60.7%
Details
CWE
CWE-200
Status
published
Products (5)
ibm/curam_social_program_management
6.0 sp2
ibm/curam_social_program_management
6.0.4.5
ibm/curam_social_program_management
6.0.5.4
ibm/curam_social_program_management
6.0.5.5
ibm/curam_social_program_management
< 5.2
Published
Feb 14, 2015
Tracked Since
Feb 18, 2026