CVE-2014-4843

MEDIUM

IBM Curam SPM <6.0.5.5 - Info Disclosure

Title source: llm

Description

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.

References (2)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21698548

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73943

Scores

CVSS v3 5.3

EPSS 0.0016

EPSS Percentile 36.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-358

Status published

Products (13)

ibm/curam_social_program_management

... and 3 more

Published Jun 08, 2017

Tracked Since Feb 18, 2026