CVE-2019-4552

Name of the Vulnerable Software and Affected Versions IBM Security Access Manager version 9.0.7 IBM Security Verify Access version 10.0.0

Description The issue allows a remote attacker to perform HTTP response splitting attacks by using a specially-crafted URL. Once the URL is clicked, the server returns a split response, enabling the attacker to conduct further attacks, including Web cache poisoning, cross-site scripting, and potentially obtaining sensitive information.

Recommendations For IBM Security Access Manager version 9.0.7, update to a version that includes the fix for this issue. For IBM Security Verify Access version 10.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to URLs that could be used to exploit this issue until a patch is available.