CRLF Injection Vulnerability in IBM Tivoli Integrated Portal by IBM
CVE-2014-6151
Currently unrated
Summary
A CRLF injection vulnerability exists in IBM Tivoli Integrated Portal 2.2.x that allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks through unspecified vectors. An attacker could use this to manipulate the responses sent to users, potentially leading to session hijacking or phishing attempts. Organizations using this portal should implement appropriate security measures and consider applying updates from IBM to mitigate these risks.
References
Timeline
Vulnerability published
Vulnerability Reserved