IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362)
IBM Cúram Social Program Management Universal Access is vulnerable to Insecure Direct Object Reference. An authenticated user may have the ability to withdraw another user’s submitted applications from the system and possibly obtain privileges.
CVE(s): CVE-2018-1362
Affected product(s) and affected version(s):
IBM Cúram Social Program Management 7.0.0.0 – 7.0.1.1
IBM Cúram Social Program Management 6.2.0.0 – 6.2.0.6
IBM Cúram Social Program Management 6.1.0.0 – 6.1.1.6
IBM Cúram Social Program Management 6.0.5.0 – 6.0.5.10
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2EITVkg
X-Force Database: http://ift.tt/2FEBkHf
The post IBM Fix available for Insecure Direct Object Reference in IBM Cúram Social Program Management (CVE-2018-1362) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2EIxI5Q