PT-2021-12219 · Ibm · Ibm Emptoris Sourcing
Published
2021-01-07
·
Updated
2021-07-21
·
CVE-2020-4896
CVSS v3.1
6.5
Medium
| Vector | I:L/UI:N/C:L/S:U/A:N/AC:L/PR:N/AV:N |
Name of the Vulnerable Software and Affected Versions
IBM Emptoris Sourcing versions 10.1.0 through 10.1.3
Description
The issue is caused by improper input validation, allowing web cache poisoning by modifying HTTP request headers.
Recommendations
For versions 10.1.0 through 10.1.3, update to a version that includes proper input validation to prevent web cache poisoning.
As a temporary workaround, consider restricting access to HTTP request headers to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Emptoris Sourcing