6.5

CVE-2024-51454

IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEngineering Workflow Management Version7.0.2 Update-
IbmEngineering Workflow Management Version7.0.2 Updateifix001
IbmEngineering Workflow Management Version7.0.2 Updateifix002
IbmEngineering Workflow Management Version7.0.2 Updateifix003
IbmEngineering Workflow Management Version7.0.2 Updateifix004
IbmEngineering Workflow Management Version7.0.2 Updateifix005
IbmEngineering Workflow Management Version7.0.2 Updateifix006
IbmEngineering Workflow Management Version7.0.2 Updateifix007
IbmEngineering Workflow Management Version7.0.2 Updateifix008a
IbmEngineering Workflow Management Version7.0.2 Updateifix009
IbmEngineering Workflow Management Version7.0.2 Updateifix010
IbmEngineering Workflow Management Version7.0.2 Updateifix011
IbmEngineering Workflow Management Version7.0.2 Updateifix012
IbmEngineering Workflow Management Version7.0.2 Updateifix013
IbmEngineering Workflow Management Version7.0.2 Updateifix014
IbmEngineering Workflow Management Version7.0.2 Updateifix016
IbmEngineering Workflow Management Version7.0.2 Updateifix017
IbmEngineering Workflow Management Version7.0.2 Updateifix018
IbmEngineering Workflow Management Version7.0.2 Updateifix020a
IbmEngineering Workflow Management Version7.0.2 Updateifix021
IbmEngineering Workflow Management Version7.0.2 Updateifix022
IbmEngineering Workflow Management Version7.0.2 Updateifix023
IbmEngineering Workflow Management Version7.0.2 Updateifix024
IbmEngineering Workflow Management Version7.0.2 Updateifix025
IbmEngineering Workflow Management Version7.0.2 Updateifix026a
IbmEngineering Workflow Management Version7.0.2 Updateifix027
IbmEngineering Workflow Management Version7.0.2 Updateifix028
IbmEngineering Workflow Management Version7.0.2 Updateifix029
IbmEngineering Workflow Management Version7.0.2 Updateifix030
IbmEngineering Workflow Management Version7.0.2 Updateifix031
IbmEngineering Workflow Management Version7.0.2 Updateifix032
IbmEngineering Workflow Management Version7.0.2 Updateifix033
IbmEngineering Workflow Management Version7.0.2 Updateifix034
IbmEngineering Workflow Management Version7.0.2 Updateifix035
IbmEngineering Workflow Management Version7.0.3 Update-
IbmEngineering Workflow Management Version7.0.3 Updateifix001
IbmEngineering Workflow Management Version7.0.3 Updateifix002
IbmEngineering Workflow Management Version7.0.3 Updateifix003
IbmEngineering Workflow Management Version7.0.3 Updateifix004
IbmEngineering Workflow Management Version7.0.3 Updateifix005
IbmEngineering Workflow Management Version7.0.3 Updateifix006
IbmEngineering Workflow Management Version7.0.3 Updateifix007
IbmEngineering Workflow Management Version7.0.3 Updateifix008
IbmEngineering Workflow Management Version7.0.3 Updateifix009
IbmEngineering Workflow Management Version7.0.3 Updateifix010
IbmEngineering Workflow Management Version7.0.3 Updateifix011
IbmEngineering Workflow Management Version7.0.3 Updateifix012
IbmEngineering Workflow Management Version7.0.3 Updateifix013
IbmEngineering Workflow Management Version7.0.3 Updateifix014
IbmEngineering Workflow Management Version7.0.3 Updateifix015
IbmEngineering Workflow Management Version7.0.3 Updateifix016
IbmEngineering Workflow Management Version7.0.3 Updateifix017
IbmEngineering Workflow Management Version7.1.0 Update-
IbmEngineering Workflow Management Version7.1.0 Updateifix001
IbmEngineering Workflow Management Version7.1.0 Updateifix002
IbmEngineering Workflow Management Version7.1.0 Updateifix003
IbmEngineering Workflow Management Version7.1.0 Updateifix004
IbmEngineering Workflow Management Version7.1.0 Updateifix007
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.079
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
psirt@us.ibm.com 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

https://www.ibm.com/support/pages/node/7276371
Vendor Advisory