HTTP Header Injection Vulnerability in IBM Jazz for Service Management
CVE-2019-4186

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Jazz For Service Management
Vendor: CVE Published:; 5 September 2019

Summary

IBM Jazz for Service Management 1.1.3 is susceptible to HTTP header injection due to improper validation of the HTTP Host header in its caching mechanism. This vulnerability can be exploited by an attacker who sends a specifically crafted HTTP GET request, allowing them to inject arbitrary HTTP headers. Successful exploitation may enable an array of attacks, including cross-site scripting (XSS), cache poisoning, and session hijacking, posing significant risks to the integrity and security of the application.

Affected Version(s)

Jazz for Service Management 1.1.3

References

https://supportcontent.ibm.com/support/pages/node/1071966

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158976

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2019
Vulnerability Reserved
Jan 3, 2019