IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NIBM Engineering Workflow Management
APPIbm7.0.27.0.37.1.0
Powiązane podatności
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authentic...
IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker t...
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing X...
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 i...