CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ibmCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/C:L/PR:L/I:L/UI:N/A:N/AV:N/S:U/AC:L/RL:O/E:U/RC:C
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
ibmengineering_lifecycle_optimization_-_publishing
6.0.6
ibmengineering_lifecycle_optimization_-_publishing
6.0.6.1
ibmengineering_lifecycle_optimization_-_publishing
7.0.1
ibmengineering_lifecycle_optimization_publishing
7.0
ibmengineering_lifecycle_optimization_publishing
7.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/213866
https://www.ibm.com/support/pages/node/6603347
https://exchange.xforce.ibmcloud.com/vulnerabilities/213866
https://www.ibm.com/support/pages/node/6603347