CVE-2014-3026

EUVD-2014-3047
CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
ibmmaximo_asset_management
7.5.0.0
ibmmaximo_asset_management
7.5.0.1
ibmmaximo_asset_management
7.5.0.2
ibmmaximo_asset_management
7.5.0.3
ibmmaximo_asset_management
7.5.0.4
ibmmaximo_asset_management
7.5.0.5
ibmmaximo_asset_management
7.5.0.6
ibmmaximo_asset_management_essentials
7.5.0.0
ibmmaximo_asset_management_essentials
7.5.0.1
ibmmaximo_asset_management_essentials
7.5.0.2
ibmmaximo_asset_management_essentials
7.5.0.3
ibmmaximo_asset_management_essentials
7.5.0.4
ibmmaximo_asset_management_essentials
7.5.0.5
ibmmaximo_asset_management_essentials
7.5.0.6
ibmsmartcloud_control_desk
7.5.0.0
ibmsmartcloud_control_desk
7.5.0.1
ibmsmartcloud_control_desk
7.5.0.2
ibmsmartcloud_control_desk
7.5.0.3
ibmsmartcloud_control_desk
7.5.1.0
ibmsmartcloud_control_desk
7.5.1.1
ibmsmartcloud_control_desk
7.5.1.2
ibmsmartcloud_control_desk
7.5.1.3
ibmmaximo_industry_solutions
7.5.0.0
ibmmaximo_industry_solutions
7.5.0.1
ibmmaximo_industry_solutions
7.5.0.2
ibmmaximo_industry_solutions
7.5.0.3
ibmmaximo_industry_solutions
7.5.0.4
ibmmaximo_industry_solutions
7.5.0.5
ibmmaximo_industry_solutions
7.5.0.6
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/59570
http://www-01.ibm.com/support/docview.wss?uid=swg21678798
https://exchange.xforce.ibmcloud.com/vulnerabilities/93065
http://secunia.com/advisories/59570
http://www-01.ibm.com/support/docview.wss?uid=swg21678798
https://exchange.xforce.ibmcloud.com/vulnerabilities/93065