CVE-2014-3012

EUVD-2014-3033
Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
ibmcuram_social_program_management
5.2:sp1
ibmcuram_social_program_management
5.2:sp4
ibmcuram_social_program_management
6.0
ibmcuram_social_program_management
6.0.3.0
ibmcuram_social_program_management
6.0.4.0
ibmcuram_social_program_management
6.0.4.1
ibmcuram_social_program_management
6.0.4.2
ibmcuram_social_program_management
6.0.4.3
ibmcuram_social_program_management
6.0.4.4
ibmcuram_social_program_management
6.0.4.5
ibmcuram_social_program_management
6.0.5.0
ibmcuram_social_program_management
6.0.5.1
ibmcuram_social_program_management
6.0.5.2
ibmcuram_social_program_management
6.0.5.3
ibmcuram_social_program_management
6.0.5.4
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/59257
http://www-01.ibm.com/support/docview.wss?uid=swg21675454
https://exchange.xforce.ibmcloud.com/vulnerabilities/93010
http://secunia.com/advisories/59257
http://www-01.ibm.com/support/docview.wss?uid=swg21675454
https://exchange.xforce.ibmcloud.com/vulnerabilities/93010