CVE-2021-29872

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak for Automation versions 21.0.1 through 21.0.2

Description The issue is caused by improper validation of input by the HOST headers, allowing a remote attacker to inject HTTP HOST headers by sending a specially crafted HTTP request. This could enable various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.

Recommendations For IBM Cloud Pak for Automation versions 21.0.1 and 21.0.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.