IBM Cúram Social Program Management CVE-2018-1654 Open Redirection Vulnerability
BID:106187
| Bugtraq ID: | 106187 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-1654 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2018 12:00AM |
| Updated: | Dec 06 2018 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | IBM Cúram Social Program Management 7.0.3.0, IBM Cúram Social Program Management 7.0.2.0, IBM Cúram Social Program Management 7.0.1.0, IBM Cúram Social Program Management 7.0.0.0, IBM Cúram Social Program Management 6.2.0.6, IBM Cúram Social Program Management 6.2.0.5, IBM Cúram Social Program Management 6.2.0.4, IBM Cúram Social Program Management 6.2.0.3, IBM Cúram Social Program Management 6.2.0.2, IBM Cúram Social Program Management 6.2.0.1, IBM Cúram Social Program Management 6.2.0.0, IBM Cúram Social Program Management 6.1.1.6, IBM Cúram Social Program Management 6.1.1.5, IBM Cúram Social Program Management 6.1.1.4, IBM Cúram Social Program Management 6.1.1.3, IBM Cúram Social Program Management 6.1.1.2, IBM Cúram Social Program Management 6.1.1.1, IBM Cúram Social Program Management 6.1.1.0, IBM Cúram Social Program Management 6.0.5.9, IBM Cúram Social Program Management 6.0.5.8, IBM Cúram Social Program Management 6.0.5.7, IBM Cúram Social Program Management 6.0.5.6, IBM Cúram Social Program Management 6.0.5.5, IBM Cúram Social Program Management 6.0.5.4, IBM Cúram Social Program Management 6.0.5.3, IBM Cúram Social Program Management 6.0.5.2, IBM Cúram Social Program Management 6.0.5.10, IBM Cúram Social Program Management 6.0.5.1, IBM Cúram Social Program Management 6.0.5.0 |
| Not Vulnerable: | IBM Cúram Social Program Management 7.0.4.0, IBM Cúram Social Program Management 7.0.1.3, IBM Cúram Social Program Management 6.2.0.6 iFIX2, IBM Cúram Social Program Management 6.1.1.6 iFix2, IBM Cúram Social Program Management 6.0.5.10 iFix4 |
Discussion
IBM Cúram Social Program Management is prone to an open-redirection vulnerability.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
IBM Cúram Social Program Management 7.0.2.0 through 7.0.3.0, 7.0.0.0 through 7.0.1.0, 6.2.0.0 through 6.2.0.6, 6.1.0.0 through 6.1.1.6 and 6.0.5.0 through 6.0.5.10 are vulnerable.
Exploit / POC
To exploit this issue an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: