Host Header Injection Vulnerability in IBM SmartCloud Analytics
CVE-2019-4216

4.6MEDIUM

Key Information:

Vendor: IBM
Status: Smartcloud Analytics
Vendor: CVE Published:; 22 November 2019

What is CVE-2019-4216?

IBM SmartCloud Analytics versions 1.3.1 to 1.3.5 are susceptible to a host header injection vulnerability. This flaw could allow attackers to exploit manipulation of the Host HTTP header, potentially leading to significant security issues such as HTTP cache poisoning or unauthorized access to the firewall. Organizations utilizing affected versions should evaluate their systems and apply appropriate security patches to mitigate risks. For more details, refer to IBM's security advisory.

Affected Version(s)

SmartCloud Analytics 1.3.1

SmartCloud Analytics 1.3.2

SmartCloud Analytics 1.3.3

References

https://www.ibm.com/support/pages/node/1109745

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/159187

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
Jan 3, 2019