CVE-2014-4804

CWE-200Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 54.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Curam Social Program Management
Timeline
PublishedFeb 14
Latest updateMay 17

Description

Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-595j-rx29-w4gc: Curam Universal Access in IBM Curam Social Program Management 52022-05-17
CVEList
CVE-2014-4804: Curam Universal Access in IBM Curam Social Program Management 52015-02-14
CVE-2014-4804 (MEDIUM CVSS 4.3) | Curam Universal Access in IBM Curam | cvebase.io