CRLF Injection Vulnerability in IBM Curam Social Program Management Software
CVE-2014-3069
Currently unrated
Summary
The Universal Access component in IBM Curam Social Program Management 6.0.5.5 has multiple CRLF injection vulnerabilities that allow remote authenticated users to inject arbitrary HTTP headers. Because user input is not properly validated, attackers can conduct HTTP response splitting attacks against deployments that do not use WebSphere Application Server, compromising the integrity of the web application. Exploiting this vulnerability can enable attackers to manipulate HTTP responses and potentially execute harmful actions on behalf of users.