HTTP Response Splitting Vulnerability in IBM Security Access Manager and Verify Access
CVE-2019-4552

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Access; Security Access Manager
Vendor: CVE Published:; 15 October 2020

Summary

IBM Security Access Manager versions 9.0.7 and IBM Security Verify Access 10.0.0 are susceptible to HTTP response splitting due to improper handling of crafted URLs. An attacker can exploit this vulnerability to manipulate server responses, leading to potential security threats including web cache poisoning, cross-site scripting (XSS), and unauthorized access to sensitive data. This risk highlights the importance of timely updates and proper security protocols to safeguard against such attacks.

Affected Version(s)

Security Access Manager 9.0.7

Security Verify Access 10.0.0

References

https://www.ibm.com/support/pages/node/6348046

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/165960

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Jan 3, 2019