First published: Wed Aug 02 2017
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Curam Social Program Management | =6.0-sp2 | |
IBM Curam Social Program Management | =6.0.4.0 | |
IBM Curam Social Program Management | =6.0.4.1 | |
IBM Curam Social Program Management | =6.0.4.2 | |
IBM Curam Social Program Management | =6.0.4.3 | |
IBM Curam Social Program Management | =6.0.4.4 | |
IBM Curam Social Program Management | =6.0.4.5 | |
IBM Curam Social Program Management | =6.0.4.6 | |
IBM Curam Social Program Management | =6.0.4.7 | |
IBM Curam Social Program Management | =6.0.4.8 | |
IBM Curam Social Program Management | =6.0.4.9 | |
IBM Curam Social Program Management | =6.0.5 | |
IBM Curam Social Program Management | =6.0.5.0 | |
IBM Curam Social Program Management | =6.0.5.1 | |
IBM Curam Social Program Management | =6.0.5.2 | |
IBM Curam Social Program Management | =6.0.5.3 | |
IBM Curam Social Program Management | =6.0.5.4 | |
IBM Curam Social Program Management | =6.0.5.5 | |
IBM Curam Social Program Management | =6.0.5.6 | |
IBM Curam Social Program Management | =6.0.5.7 | |
IBM Curam Social Program Management | =6.0.5.8 | |
IBM Curam Social Program Management | =6.0.5.9 | |
IBM Curam Social Program Management | =6.0.5.10 | |
CVE-2014-8903 has a medium severity rating because it allows remote authenticated users to load arbitrary Java classes.
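To fix CVE-2014-8903, upgrade to IBM Curam Social Program Management version 6.0 SP2 EP26 or later. Per the affected ranges stated for this CVE, the 6.0.4 line is fixed in 6.0.4.5iFix10 and the 6.0.5 line in 6.0.5.6.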
CVE-2014-8903 affects IBM Curam Social Program Management versions 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10, and 6.0.5 before 6.0.5.6.
CVE-2014-8903 could let remote authenticated users execute arbitrary code on the server.
Organizations using the specified versions of IBM Curam Social Program Management could be vulnerable to attacks leveraging CVE-2014-8903.