Description
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73943
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21698548
Scores
CVSS v3
5.3
EPSS
0.0125
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-358
Status
published
Products (12)
ibm/curam_social_program_management
6.0 sp2
ibm/curam_social_program_management
6.0.4.0
ibm/curam_social_program_management
6.0.4.1
ibm/curam_social_program_management
6.0.4.2
ibm/curam_social_program_management
6.0.4.3
ibm/curam_social_program_management
6.0.4.4
ibm/curam_social_program_management
6.0.4.5
ibm/curam_social_program_management
6.0.5.0
ibm/curam_social_program_management
6.0.5.1
ibm/curam_social_program_management
6.0.5.2
... and 2 more
Published
Jun 08, 2017
Tracked Since
Feb 18, 2026