CVE: CVE-2020-4778

Export to Word

IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the CÃºram application. IBM X-Force ID: 189156.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

S9 – Sabotage of System/App

EPSS

Score: 0.00096
Percentile: 0.27799

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-327 : Use of a Broken or Risky Cryptographic Algorithm

All CAPEC(s)

CAPEC-20: Encryption Brute Forcing
CAPEC-459: Creating a Rogue Certification Authority Certificate
CAPEC-473: Signature Spoof
CAPEC-475: Signature Spoofing by Improper Validation
CAPEC-608: Cryptanalysis of Cellular Encryption
CAPEC-614: Rooting SIM Cards
CAPEC-97: Cryptanalysis

CAPEC(s) with Mapped TTPs

CAPEC-473: Signature Spoof
Mapped TTPs:
- T1036.001 : Invalid Code Signature
- T1553.002 : Code Signing

Mapped ATT&CK TTPs

T1036.001 : Invalid Code Signature
Kill Chain: defense-evasion
T1553.002 : Code Signing
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

APT41 DUST
SolarWinds Compromise
Operation Honeybee
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015

Affected Products

cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*

← Back to Home