MEDIUM🇬🇧 English

CVE-2024-51454

CVSS 6.5v3.1pub. 2026-06-22upd. 2026-06-26

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • IBM Engineering Workflow Management

    APP
    Ibm
    7.0.27.0.37.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-29774HIGH7.5ten sam produkt

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...

CVE-2021-29844HIGH8.8ten sam produkt

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authentic...

CVE-2020-4965HIGH7.5ten sam produkt

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker t...

CVE-2021-20502HIGH7.1ten sam produkt

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing X...

CVE-2025-33128MEDIUM5.4ten sam produkt

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 i...