CVE-2018-1943

Name of the Vulnerable Software and Affected Versions IBM Cloud Private versions 3.1.0 through 3.1.1

Description The issue is caused by improper validation of input, allowing a remote attacker to inject arbitrary HTTP headers by persuading a victim to visit a specially-crafted Web page. This could enable the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.

Recommendations For IBM Cloud Private versions 3.1.0 through 3.1.1, update to a version that properly validates input to prevent HTTP HOST header injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.