Описание
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.0 (включая) до 2.2.0 (исключая)
cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00035
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-644
Связанные уязвимости
CVSS3: 6.5
github
3 дня назад
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
EPSS
Процентиль: 10%
0.00035
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-644