HTTP Header Injection Vulnerability in IBM Engineering Workflow Management
CVE-2024-51454

6.5 MEDIUM

Key Information:

Vendor

IBM

CVE Published:
22 June 2026

What is CVE-2024-51454?

IBM Engineering Workflow Management versions 7.0.2 to 7.1 are susceptible to HTTP header injection due to inadequate validation of Host headers. An attacker can exploit this flaw to conduct attacks such as cross-site scripting (XSS), cache poisoning, and session hijacking. Users should recognize the risks associated with this vulnerability and take appropriate measures to secure their systems.
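A defensive check for the flaw class described above, as an added example (it is not IBM's code or IBM's fix): strict Host header validation against an allowlist, with generated links built only from the validated value. The host names and the `canonical_host` and `respond` helpers are assumptions made for illustration.

```python
import re

# Assumption: the deployment's public names (constructed values, not from the advisory).
ALLOWED_HOSTS = frozenset({"ewm.example.com", "ewm.example.com:9443"})

# Host name or IPv4 address, optional trailing dot, optional numeric port.
# IPv6 literals are out of scope for this narrow example.
_HOST_RE = re.compile(r"([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\.?(?::([0-9]{1,5}))?")


def canonical_host(header_values, allowed=ALLOWED_HOSTS):
    """Return the canonical allowed host, or None if the request must be rejected.

    header_values: every Host header value received on the request (list of str).
    """
    # Zero or several Host headers is ambiguous: a proxy and the application
    # may each pick a different one, so refuse instead of guessing.
    if len(header_values) != 1:
        return None
    value = header_values[0].strip(" \t").lower()
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    # CR, LF, "@", "/", spaces and any other character outside the class fail here.
    m = _HOST_RE.fullmatch(value)
    if m is None:
        return None
    name, port = m.group(1), m.group(2)
    if port is not None and not 0 < int(port) <= 65535:
        return None
    candidate = name if port is None else f"{name}:{port}"
    return candidate if candidate in allowed else None


def respond(header_values, path="/login"):
    """Build an absolute link from the validated host only, never the raw header."""
    host = canonical_host(header_values)
    if host is None:
        return 400, ""
    return 200, f"https://{host}{path}"
```

The same allowlist should also govern any forwarded-host header that a reverse proxy passes through, otherwise the check can be bypassed one hop earlier.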

Affected Version(s)

Engineering Workflow Management 7.0.2 <= 7.0.2 Interim Fix 035

Engineering Workflow Management 7.0.3 <= 7.0.3 Interim Fix 017

Engineering Workflow Management 7.1 <= 7.1 Interim Fix 004

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
