PT-2015-3778 · IBM · IBM Curam Social Program Management

Published: 2015-02-13 · Updated: 2017-08-29 · CVE-2014-4803

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM Curam Social Program Management versions 6.0 SP2 through 6.0 SP2 before EP26
IBM Curam Social Program Management version 6.0.4 through 6.0.4 before 6.0.4.5 iFix007
IBM Curam Social Program Management version 6.0.5 through 6.0.5 before 6.0.5.5 iFix003

Description

A CRLF injection vulnerability in the Universal Access implementation allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.

Recommendations

For IBM Curam Social Program Management versions 6.0 SP2 through 6.0 SP2 before EP26, update to at least EP26.
For IBM Curam Social Program Management version 6.0.4 through 6.0.4 before 6.0.4.5 iFix007, update to at least 6.0.4.5 iFix007.
For IBM Curam Social Program Management version 6.0.5 through 6.0.5 before 6.0.5.5 iFix003, update to at least 6.0.5.5 iFix003.

Fix


Related Identifiers

CVE-2014-4803

Affected Products

IBM Curam Social Program Management