CVE-2020-4779

8.1 HIGH

📋 TL;DR

HTTP verb tampering in IBM Curam Social Program Management 7.0.9 and 7.0.10 lets an attacker bypass the application's security access controls. In this class of bug the access check is applied only to the HTTP methods the application expects, so resending the same request for a protected resource with a different method (HEAD, OPTIONS, or an arbitrary verb) reaches the resource unchecked, giving unauthorized access to functionality and data that should be restricted.

💻 Affected Systems

Products:
  • IBM Curam Social Program Management
Versions: 7.0.9 and 7.0.10
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations. Deployment-specific controls (for example a front-end HTTP server or WAF that restricts methods) change the practical risk but not the underlying bug.

📦 What is this software?

IBM Curam Social Program Management is a Java EE case-management platform used by government social services and benefits agencies for eligibility determination, case management and benefit delivery. It is typically deployed on IBM WebSphere Application Server behind an HTTP server, so both the application tier and any front-end proxy matter when assessing and mitigating this issue.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized administrative access to the Curam application, leading to exposure or modification of the citizen case and benefit data it manages, or to service disruption.

🟠

Likely Case

Unauthorized access to sensitive data or functionality that should be protected by access controls.

🟢

If Mitigated

Limited impact with proper network segmentation, monitoring, and authentication controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

HTTP verb tampering typically requires minimal technical skill: any HTTP client can resend a request for a protected resource with a method the access check does not cover (HEAD, OPTIONS, or an arbitrary verb). Which Curam requests are affected, and which methods bypass the check, is not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as per IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/6346579

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the interim fix that matches your installed version.
2. Apply the recommended interim fix.
3. Restart the application services.
4. Verify that the fix is in place (see How to Verify below).

🔧 Temporary Workarounds

Web Application Firewall Rules

Platforms: all

Configure the WAF or front-end HTTP server to enforce an allow-list of HTTP methods for Curam paths (normally GET and POST, plus HEAD or OPTIONS only if legitimate clients need them) and reject everything else. A deny-list of PUT, DELETE and TRACE is not enough: verb tampering commonly uses HEAD or an arbitrary method name, neither of which a deny-list catches.

Network Segmentation

Platforms: all

Restrict access to Curam application to authorized networks only

🧯 If You Can't Patch

  • Implement strict network access controls and monitor for unusual HTTP traffic patterns
  • Enhance authentication and authorization logging to detect access control bypass attempts

🔍 How to Verify

Check if Vulnerable:

Identify a Curam resource that returns 401 or 403 (or a redirect to the logon page) for an unauthenticated GET, then repeat the identical request with HEAD, OPTIONS, PUT, DELETE and an arbitrary method name. If any variant returns 200 or the protected content, the access check is being bypassed. Alternatively, review access logs for requests to Curam paths with methods other than GET and POST.

Check Version:

Check Curam application version through administrative interface or configuration files

Verify Fix Applied:

Confirm the interim fix is listed as installed, then repeat the verb probe from "Check if Vulnerable": every method must receive the same denial as the unauthenticated GET.
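The following is an added example, not code from IBM or from the advisory, of the verb probe described under "Check if Vulnerable" and "Verify Fix Applied". It sends the same unauthenticated request with each method and reports any that succeed where GET is denied. To make it runnable offline it includes a toy HTTP server modelling both a check applied only to GET and POST (the verb tampering bug) and a check applied to every method (the fixed behaviour). The path /Curam/AdminHome.do, the 401 baseline and the method list are assumptions; to use it against a real installation, point probe() at the host and a resource that denies an unauthenticated GET.

```python
"""HTTP verb tampering probe, with an in-process model of the vulnerable and fixed
access check so the probe can be exercised offline.

Hypothetical example code: not IBM's code and not derived from the Curam fix.
The resource path and the 401 baseline are assumptions; the real Curam request
that CVE-2020-4779 affects is not publicly documented."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Methods to try against a resource that denies an unauthenticated GET.
PROBE_METHODS = ("GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE", "PATCH", "FOO")
DENIED_STATUSES = {401, 403, 302}   # 302: redirect to a logon page


class _ProtectedResource(BaseHTTPRequestHandler):
    """Toy server for a protected path. ``checked_methods`` models which methods
    the access check is applied to: {"GET", "POST"} reproduces the verb
    tampering bug, {"*"} models a check applied to every method."""
    checked_methods = frozenset()
    protected_prefix = "/Curam/"   # assumption: Curam web context root

    def __getattr__(self, name):
        # BaseHTTPRequestHandler dispatches to do_<METHOD> and answers 501
        # when it is missing; route every verb to one handler instead.
        if name.startswith("do_"):
            return self._serve
        raise AttributeError(name)

    def _serve(self):
        checked = "*" in self.checked_methods or self.command in self.checked_methods
        protected = self.path.startswith(self.protected_prefix)
        if protected and checked and "Authorization" not in self.headers:
            self._reply(401, b"")
        else:
            self._reply(200, b"secret case data")

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    def log_message(self, *args):
        pass   # keep the demo quiet


def start_server(checked_methods):
    """Start a toy server on a free loopback port; returns the HTTPServer."""
    handler = type("Handler", (_ProtectedResource,),
                   {"checked_methods": frozenset(checked_methods)})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, path, methods=PROBE_METHODS, timeout=5):
    """Send one unauthenticated request per method; return {method: status}."""
    statuses = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request(method, path)
            statuses[method] = conn.getresponse().status
        finally:
            conn.close()
    return statuses


def bypassing_methods(statuses):
    """Methods that succeeded although the baseline GET was denied.
    An empty list when GET itself is not denied means the path is not
    protected (or the probe is authenticated), not that it is safe."""
    if statuses.get("GET") not in DENIED_STATUSES:
        return []
    return [m for m, s in statuses.items() if m != "GET" and s == 200]


if __name__ == "__main__":
    for label, checked in (("vulnerable check", {"GET", "POST"}), ("fixed check", {"*"})):
        srv = start_server(checked)
        host, port = srv.server_address
        statuses = probe(host, port, "/Curam/AdminHome.do")
        print(f"{label}: {statuses} -> bypass via {bypassing_methods(statuses)}")
        srv.shutdown()
        srv.server_close()
```

Against the vulnerable model, GET and POST are denied while HEAD, OPTIONS, PUT, DELETE, PATCH and the arbitrary verb FOO all return 200; against the fixed model every method is denied. Treat an unprotected GET as an inconclusive result rather than a pass, and after patching expect the probe to report no bypassing methods for every resource you tested before.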

📡 Detection & Monitoring

Log Indicators:

  • Requests to Curam paths with HTTP methods outside the expected set (normally GET and POST), including HEAD, OPTIONS, PUT, DELETE, TRACE and arbitrary or malformed method names
  • A 401/403 (or logon redirect) for a path from a client, followed shortly by a 200 for the same path from the same client using a different HTTP method

Network Indicators:

  • HTTP requests with non-standard or unexpected methods to Curam endpoints
  • The same client cycling through several methods against one URL in quick succession

SIEM Query:

source="web_logs" AND uri CONTAINS "/curam/" AND NOT http_method IN ("GET", "POST")

Match the path case-insensitively and extend the allow-list with any methods legitimate clients actually send (HEAD or OPTIONS from some proxies and monitors). Searching only for PUT, DELETE and TRACE misses HEAD and arbitrary method names, which are the usual verb tampering vectors.
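An added example (not from the page's author or from IBM) of the two log indicators above implemented over combined-format access log lines: an allow-list check of the method used on Curam paths, and correlation of a denial followed by a success for the same client and path with a different method. The log lines are constructed, the Curam paths in them are illustrative, and the allow-list of GET and POST is an assumption to tune to what real clients send.

```python
"""Detect HTTP verb tampering indicators in web-server access logs.

Hypothetical example code, not part of the IBM advisory. The log lines below
are constructed, the Curam paths in them are illustrative, and the method
allow-list is an assumption to be tuned to what real clients send."""
import re
from datetime import datetime

# Combined log format: client - user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

ALLOWED_METHODS = {"GET", "POST"}       # assumption: what Curam clients normally send
PROTECTED_PREFIXES = ("/curam/",)       # compared case-insensitively
DENIED_STATUSES = {401, 403}

# Constructed sample: one client is denied on GET, then gets the page with HEAD
# and with an arbitrary verb; the rest is ordinary traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2020:14:02:11 +0000] "GET /Curam/AdminHome.do HTTP/1.1" 401 0 "-" "curl/7.68.0"
203.0.113.7 - - [10/Nov/2020:14:02:13 +0000] "HEAD /Curam/AdminHome.do HTTP/1.1" 200 0 "-" "curl/7.68.0"
203.0.113.7 - - [10/Nov/2020:14:02:20 +0000] "FOO /Curam/AdminHome.do HTTP/1.1" 200 5120 "-" "curl/7.68.0"
198.51.100.4 - alice [10/Nov/2020:14:05:02 +0000] "POST /Curam/logon.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - alice [10/Nov/2020:14:05:03 +0000] "GET /Curam/AppHome.do HTTP/1.1" 200 14400 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Nov/2020:14:06:40 +0000] "PUT /static/app.js HTTP/1.1" 405 0 "-" "python-requests/2.24"
"""


def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ev


def is_protected(path):
    return path.lower().startswith(PROTECTED_PREFIXES)


def find_indicators(lines, window_s=300):
    """Two detections over protected paths:
    unexpected-method: any method outside the allow-list (catches HEAD and
        arbitrary verbs that a PUT/DELETE/TRACE deny-list misses);
    denied-then-allowed: a client denied on a path, then served the same path
        with a different method within window_s seconds."""
    findings = []
    last_denied = {}   # (ip, path) -> (timestamp, method) of the latest denial
    for line in lines:
        ev = parse_line(line)
        if ev is None or not is_protected(ev["path"]):
            continue
        key = (ev["ip"], ev["path"].lower())
        if ev["method"] not in ALLOWED_METHODS:
            findings.append(("unexpected-method", ev["ip"], ev["method"], ev["path"], ev["status"]))
        if ev["status"] in DENIED_STATUSES:
            last_denied[key] = (ev["ts"], ev["method"])
        elif ev["status"] == 200 and key in last_denied:
            denied_ts, denied_method = last_denied[key]
            if denied_method != ev["method"] and (ev["ts"] - denied_ts).total_seconds() <= window_s:
                findings.append(("denied-then-allowed", ev["ip"],
                                 f"{denied_method}->{ev['method']}", ev["path"], 200))
    return findings


if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_LOG.splitlines()):
        print(*finding)
```

On the sample the first client produces four findings (HEAD and FOO as unexpected methods, and GET->HEAD and GET->FOO as denied-then-allowed sequences), while the logged-in user and the PUT to a static path produce none. The correlation window keeps the second detection useful on a busy log; the first detection alone is enough to justify the WAF allow-list described under Temporary Workarounds.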

🔗 References

  • IBM Security Bulletin: https://www.ibm.com/support/pages/node/6346579
  • NVD entry for CVE-2020-4779: https://nvd.nist.gov/vuln/detail/CVE-2020-4779
