CVE-2020-4779

CWE-287Improper Authentication3 documents3 sources
Severity
8.1HIGH
EPSS
0.2%
top 63.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Curam SPMIBM Curam Social Program Management
Timeline
PublishedOct 12
Latest updateMay 24

Description

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDibm/curam_social_program_management7.0.10.0, 7.0.9.0+1
CVEListV5ibm/curam_spm7.0.10, 7.0.9+1

🔴Vulnerability Details

2
GHSA
GHSA-mj86-p3gv-6mgp: A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 72022-05-24
CVEList
CVE-2020-4779: A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 72020-10-12
CVE-2020-4779 (HIGH CVSS 8.1) | A HTTP Verb Tampering vulnerability | cvebase.io