exploitDog

GHSA-g89v-hj63-36q6

Опубликовано: 15 июл. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.

Ссылки

EPSS

Процентиль: 44%

0.00221

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-74

Связанные уязвимости

CVE-2021-39028

CVSS3: 5.4

nvd

больше 3 лет назад

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.

EPSS

Процентиль: 44%

0.00221

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-74