Medium Severity

IBM Security Bulletin: IBM Cúram Social Program Management contains a cross-site request forgery vulnerability in the REST API (CVE-2018-2001)


A recent product security scanning exercise identified a cross-site request forgery vulnerability in the REST API of IBM Cúram Social Program Management. The issue relates to the server-side checking of the HTTP Referer header on GET requests, which should be checked in the same way as it is for all other requests. Note: If you are using the REST API, you are vulnerable to cross-site request forgery.
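As an added defensive illustration (not IBM's code; the allowed origin, host names and function names are constructed assumptions), the check below applies the same Referer/Origin validation to every HTTP method and shows the weak "GET is exempt" variant beside the hardened one so the difference the bulletin describes is visible:

```python
from urllib.parse import urlsplit

# Constructed example: a server-side same-site check that validates the
# Origin (or, failing that, Referer) header of every request, GET included.
# Exempting one method from the check leaves any state-changing endpoint
# reachable with that method open to cross-site request forgery.

ALLOWED_ORIGINS = {"https://curam.example.com"}  # hypothetical deployment origin


def origin_of(url: str) -> str:
    """Reduce an absolute URL to scheme://host[:port]; '' if unparsable."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return ""
    return f"{parts.scheme}://{parts.netloc}".lower()


def request_is_same_site(method: str, headers: dict, exempt_methods=frozenset()) -> bool:
    """Return True if the request may proceed.

    exempt_methods models the weak behaviour: methods listed there skip the
    check entirely. The hardened configuration passes no exemptions.
    """
    if method.upper() in exempt_methods:
        return True
    # Browsers send Origin on cross-origin requests; fall back to Referer.
    source = headers.get("Origin") or headers.get("Referer") or ""
    # A missing, 'null' or unparsable header yields '' and is rejected: fail closed.
    return origin_of(source) in ALLOWED_ORIGINS


WEAK_EXEMPT = frozenset({"GET"})   # GET skips the check (the weak behaviour)
HARDENED_EXEMPT = frozenset()      # every method is checked


def decide(method: str, headers: dict, hardened: bool) -> bool:
    """Apply either the weak or the hardened policy to one request."""
    return request_is_same_site(method, headers, HARDENED_EXEMPT if hardened else WEAK_EXEMPT)


if __name__ == "__main__":
    # Constructed cross-site GET: the weak policy lets it through, the hardened one does not.
    foreign = {"Referer": "https://third-party.example/page.html"}
    print("weak:", decide("GET", foreign, hardened=False))      # True
    print("hardened:", decide("GET", foreign, hardened=True))   # False
```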

CVE(s): CVE-2018-2001

Affected product(s) and affected version(s):
IBM Cúram Social Program Management 7.0.5.0 – 7.0.5.0
IBM Cúram Social Program Management 7.0.0.0 – 7.0.4.0
IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.6
IBM Cúram Social Program Management 6.1.0.0 – 6.1.1.6
Note: The REST API was not present in version 6.0.5 and earlier versions, so these versions are not vulnerable.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10883184
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154891
