6.5
CVE-2024-51454
- EPSS 0.18%
- Veröffentlicht 22.06.2026 14:33:55
- Zuletzt bearbeitet 26.06.2026 20:05:47
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Engineering Workflow Management Version7.0.2
Ibm ≫ Engineering Workflow Management Version7.0.2 Update-
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix001
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix002
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix003
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix004
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix005
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix006
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix007
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix008a
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix009
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix010
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix011
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix012
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix013
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix014
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix016
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix017
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix018
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix020a
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix021
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix022
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix023
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix024
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix025
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix026a
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix027
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix028
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix029
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix030
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix031
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix032
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix033
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix034
Ibm ≫ Engineering Workflow Management Version7.0.2 Updateifix035
Ibm ≫ Engineering Workflow Management Version7.0.3 Update-
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix001
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix002
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix003
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix004
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix005
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix006
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix007
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix008
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix009
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix010
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix011
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix012
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix013
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix014
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix015
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix016
Ibm ≫ Engineering Workflow Management Version7.0.3 Updateifix017
Ibm ≫ Engineering Workflow Management Version7.1.0 Update-
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix001
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix002
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix003
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix004
Ibm ≫ Engineering Workflow Management Version7.1.0 Updateifix007
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.079 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| psirt@us.ibm.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
https://www.ibm.com/support/pages/node/7276371