CVE-2014-8903
Severity: high
CVSS v3: 8.8
CVSS v2: 6.5
VIR risk: 8.8
Description
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
Predictions
Exploit likelihood: 92%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21700098
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | curam_social_program_management | 6.0 | |
| ibm | curam_social_program_management | 6.0.4.0 | |
| ibm | curam_social_program_management | 6.0.4.1 | |
| ibm | curam_social_program_management | 6.0.4.2 | |
| ibm | curam_social_program_management | 6.0.4.3 | |
| ibm | curam_social_program_management | 6.0.4.4 | |
| ibm | curam_social_program_management | 6.0.4.5 | |
| ibm | curam_social_program_management | 6.0.4.6 | |
| ibm | curam_social_program_management | 6.0.4.7 | |
| ibm | curam_social_program_management | 6.0.4.8 | |
| ibm | curam_social_program_management | 6.0.4.9 | |
| ibm | curam_social_program_management | 6.0.5 | |
| ibm | curam_social_program_management | 6.0.5.0 | |
| ibm | curam_social_program_management | 6.0.5.1 | |
| ibm | curam_social_program_management | 6.0.5.2 | |
| ibm | curam_social_program_management | 6.0.5.3 | |
| ibm | curam_social_program_management | 6.0.5.4 | |
| ibm | curam_social_program_management | 6.0.5.5 | |
| ibm | curam_social_program_management | 6.0.5.6 | |
| ibm | curam_social_program_management | 6.0.5.7 | |
| ibm | curam_social_program_management | 6.0.5.8 | |
| ibm | curam_social_program_management | 6.0.5.9 | |
| ibm | curam_social_program_management | 6.0.5.10 | |
References
CWEs
CWE-77