HTTP Response Splitting Vulnerability in IBM Security Access Manager and Verify Access
CVE-2019-4552
6.1MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 15 October 2020
Summary
IBM Security Access Manager versions 9.0.7 and IBM Security Verify Access 10.0.0 are susceptible to HTTP response splitting due to improper handling of crafted URLs. An attacker can exploit this vulnerability to manipulate server responses, leading to potential security threats including web cache poisoning, cross-site scripting (XSS), and unauthorized access to sensitive data. This risk highlights the importance of timely updates and proper security protocols to safeguard against such attacks.
Affected Version(s)
Security Access Manager 9.0.7
Security Verify Access 10.0.0
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved