Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3026

Опубликовано: 29 июл. 2014
Источник: nvd
CVSS2: 3.5
EPSS Низкий

Описание

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Комментарий

CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 39%
0.00173
Низкий

3.5 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-ffhw-273c-5fxw

github
больше 3 лет назад

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

EPSS

Процентиль: 39%
0.00173
Низкий

3.5 Low

CVSS2

Дефекты

NVD-CWE-Other