PT-2019-16957 · IBM · IBM Jazz for Service Management
Bhanu Velampati
Published: 2019-09-05 · Updated: 2022-12-09
CVE-2019-4186
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM Jazz for Service Management version 1.1.3
Description
The issue is caused by incorrect trust in the HTTP Host header during caching, allowing a remote attacker to inject arbitrary HTTP headers by sending a specially crafted HTTP GET request. This could enable various attacks, including cross-site scripting, cache poisoning, or session hijacking.
Recommendations
For IBM Jazz for Service Management version 1.1.3, update to a version that fixes the HTTP header injection issue.
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
IBM Jazz for Service Management