Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 3.5
CVE Id: CVE-2014-4803
Last Modified: 17 Feb 2015 07:35:57
Published: 12 Feb 2015 09:59:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2014-4803

Summary

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.

Vulnerable Systems

Application

  • IBM Curam Social Program Management 6.0
  • IBM Curam Social Program Management 6.0.4.0
  • IBM Curam Social Program Management 6.0.4.1
  • IBM Curam Social Program Management 6.0.4.2
  • IBM Curam Social Program Management 6.0.4.3
  • IBM Curam Social Program Management 6.0.4.4
  • IBM Curam Social Program Management 6.0.4.5
  • IBM Curam Social Program Management 6.0.5.0
  • IBM Curam Social Program Management 6.0.5.1
  • IBM Curam Social Program Management 6.0.5.2
  • IBM Curam Social Program Management 6.0.5.3
  • IBM Curam Social Program Management 6.0.5.4
  • IBM Curam Social Program Management 6.0.5.5


References

XF - ibm-curam-cve20144803-crlf(95305)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21695925


Last Updated: 27 May 2016 11:07:49