HTTP Response Splitting Vulnerability in IBM Security Access Manager and Verify Access
CVE-2019-4552

6.1MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 October 2020

Summary

IBM Security Access Manager versions 9.0.7 and IBM Security Verify Access 10.0.0 are susceptible to HTTP response splitting due to improper handling of crafted URLs. An attacker can exploit this vulnerability to manipulate server responses, leading to potential security threats including web cache poisoning, cross-site scripting (XSS), and unauthorized access to sensitive data. This risk highlights the importance of timely updates and proper security protocols to safeguard against such attacks.

Affected Version(s)

Security Access Manager 9.0.7

Security Verify Access 10.0.0

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.