Lucene search

IbmCVELIST:CVE-2019-4552

HistoryOct 15, 2020 - 12:40 p.m.

CVE-2019-4552

2020-10-1512:40:20

ibm

www.cve.org

ibm security

http response splitting

remote attacker

specially crafted url

web cache poisoning

cross-site scripting

sensitive information

x-force id

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.

CNA Affected

[
  {
    "product": "Security Verify Access",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  },
  {
    "product": "Security Access Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.7"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/165960

www.ibm.com/support/pages/node/6348046

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

Related for CVELIST:CVE-2019-4552