HTTP Header Injection Vulnerability in IBM SmartCloud Analytics
CVE-2024-40686

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Smartcloud Analytics Log Analysis
Vendor: CVE Published:; 23 July 2025

What is CVE-2024-40686?

IBM SmartCloud Analytics - Log Analysis versions 1.3.7.0 through 1.3.8.2 are susceptible to HTTP header injection due to inadequate input validation of the HOST headers. This vulnerability could potentially enable attackers to execute malicious actions such as cross-site scripting, cache poisoning, or session hijacking, jeopardizing the integrity and confidentiality of user data.

Affected Version(s)

SmartCloud Analytics Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2

References

https://www.ibm.com/support/pages/node/7240270

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Jul 8, 2024