CVE-2020-4773

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 76.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Curam SPM IBM Curam Social Program Management

Timeline

PublishedOct 12

Latest updateMay 24

Description

A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/curam_social_program_management7.0.10.0, 7.0.9.0+1

▶CVEListV5ibm/curam_spm7.0.10, 7.0.9+1

🔴Vulnerability Details

GHSA

GHSA-mwmh-554m-2wcp: A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7↗2022-05-24

▶

CVEList

CVE-2020-4773: A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7↗2020-10-12

▶