IBM · IBM Jazz for Service Management · CVE-2019-4186
**Name of the Vulnerable Software and Affected Versions**
IBM Jazz for Service Management version 1.1.3
**Description**
The issue is caused by incorrect trust in the HTTP Host header during caching, allowing a remote attacker to inject arbitrary HTTP headers by sending a specially crafted HTTP GET request. This could enable various attacks, including cross-site scripting, cache poisoning, or session hijacking.
**Recommendations**
For IBM Jazz for Service Management version 1.1.3, update to a version that fixes the HTTP header injection issue.