PT-2015-3778 · IBM · IBM Curam Social Program Management

Published: 2015-02-13 · Updated: 2017-08-29 · CVE-2014-4803

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM Curam Social Program Management versions 6.0 SP2 through 6.0 SP2 before EP26

IBM Curam Social Program Management version 6.0.4 through 6.0.4 before 6.0.4.5 iFix007

IBM Curam Social Program Management version 6.0.5 through 6.0.5 before 6.0.5.5 iFix003

Description

The issue is related to a CRLF injection vulnerability in the Universal Access implementation. This vulnerability allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.

Recommendations

For IBM Curam Social Program Management versions 6.0 SP2 through 6.0 SP2 before EP26, update to at least EP26.

For IBM Curam Social Program Management version 6.0.4 through 6.0.4 before 6.0.4.5 iFix007, update to at least 6.0.4.5 iFix007.

For IBM Curam Social Program Management version 6.0.5 through 6.0.5 before 6.0.5.5 iFix003, update to at least 6.0.5.5 iFix003.

Fix


Related identifiers

CVE-2014-4803

Affected products

IBM Curam Social Program Management