CVSS3: 5.4 Medium
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.001 Low (Percentile: 19.8%)
IBM API Connect is impacted by a host header injection vulnerability. The fix addresses the host header injection vulnerability CVE-2021-38997.
CVEID: CVE-2021-38997
**DESCRIPTION:** IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input in the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213212 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product | Affected Versions |
---|---|
API Connect | V10.0.0.0 - V10.0.5.0 |
API Connect | V10.0.1.0 - V10.0.1.7 |
API Connect | V2018.4.1.0 - 2018.4.1.19 |
Affected Product | Addressed in VRMF | Remediation/First Fix |
---|---|---|
IBM API Connect V10.0.0.0 - V10.0.5.0 | V10.0.5.1 | Addressed in IBM API Connect V10.0.5.1. The management server component is impacted. Follow this link and find the appropriate package. <https://www.ibm.com/support/pages/node/6607906> |
IBM API Connect V10.0.1.0 - V10.0.1.7 | V10.0.1.8 | Addressed in IBM API Connect V10.0.1.8. The management server component is impacted. Follow this link and find the appropriate package. <https://www.ibm.com/support/pages/node/6607673> |
IBM API Connect V2018.4.1.0 - 2018.4.1.19 | V2018.4.1.20 | Addressed in IBM API Connect V2018.4.1.20. The management server component is impacted. Follow this link and find the appropriate package. <https://www.ibm.com/support/pages/node/6591073> |
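
The affected ranges above overlap: V10.0.1.8 lies inside V10.0.0.0 - V10.0.5.0 but is the fixed release for its own stream, so a single range comparison misclassifies it. The following added example (not part of IBM's bulletin) triages installed versions against the tables; the function names and sample inventory are assumptions, as is treating later releases in a stream as fixed.

```python
import re

# Version data copied from the bulletin's tables for CVE-2021-38997.
# Each entry: (stream prefix, last affected version, first fixed version).
# Most specific prefix first, because the 10.0.1.x fix stream sits inside the
# broader V10.0.0.0 - V10.0.5.0 range and is fixed separately in V10.0.1.8.
STREAMS = [
    ((2018, 4, 1), (2018, 4, 1, 19), (2018, 4, 1, 20)),
    ((10, 0, 1), (10, 0, 1, 7), (10, 0, 1, 8)),
    ((10, 0), (10, 0, 5, 0), (10, 0, 5, 1)),
]

_VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn 'V10.0.1.7' or '10.0.1.7' into (10, 0, 1, 7); reject anything else."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a four-part VRMF version: {text!r}")
    return tuple(int(part) for part in match.groups())


def format_version(version):
    """Render a version tuple the way the bulletin writes it."""
    return "V" + ".".join(str(part) for part in version)


def triage(text):
    """Return (status, first_fixed) for one installed version string.

    status is 'affected', 'fixed' or 'not_listed'. Treating every release at
    or above the first fixed version of its stream as fixed is an assumption
    of this example; the bulletin names only the first fixed release.
    """
    version = parse_version(text)
    for prefix, last_affected, first_fixed in STREAMS:
        if version[: len(prefix)] == prefix:
            if version <= last_affected:
                return "affected", format_version(first_fixed)
            return "fixed", None
    return "not_listed", None


if __name__ == "__main__":
    # Constructed inventory, not taken from the bulletin.
    for installed in ["V10.0.1.7", "10.0.1.8", "V10.0.4.0", "2018.4.1.20", "5.0.8.9"]:
        print(installed, *triage(installed))
```
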
None
CPE Name | Operator | Version |
---|---|---|
ibm api connect | eq | 10 |
ibm api connect | eq | 2018 |