MEDIUM🇵🇱 Wersja polska

CVE-2026-4096

CVSS 6.5v3.1pub. 2026-06-11upd. 2026-06-16

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • IBM Devops Plan

    APP
    Ibm
    3.0.0 – 3.0.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-36363MEDIUM5.9ten sam produkt

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attac...

CVE-2025-36364MEDIUM6.2ten sam produkt

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another us...

CVE-2022-47986CRITICAL9.8⚠ KEVten sam vendor

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2020-4427CRITICAL9.8⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...

CVE-2020-4428CRITICAL9.1⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute ar...