CVE-2014-3012

Affected configuration(s):

cpe:/a:ibm:curam_social_program_management:5.2:sp1
cpe:/a:ibm:curam_social_program_management:5.2:sp4
cpe:/a:ibm:curam_social_program_management:6.0
cpe:/a:ibm:curam_social_program_management:6.0.3.0
cpe:/a:ibm:curam_social_program_management:6.0.4.0
cpe:/a:ibm:curam_social_program_management:6.0.4.1
cpe:/a:ibm:curam_social_program_management:6.0.4.2
cpe:/a:ibm:curam_social_program_management:6.0.4.3
cpe:/a:ibm:curam_social_program_management:6.0.4.4
cpe:/a:ibm:curam_social_program_management:6.0.4.5
cpe:/a:ibm:curam_social_program_management:6.0.5.0
cpe:/a:ibm:curam_social_program_management:6.0.5.1
cpe:/a:ibm:curam_social_program_management:6.0.5.2
cpe:/a:ibm:curam_social_program_management:6.0.5.3
cpe:/a:ibm:curam_social_program_management:6.0.5.4

Date published: 2014-06-18T12:55:07.687-04:00

Date last modified: 2017-08-28T21:34:35.280-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www-01.ibm.com/support/docview.wss?uid=swg21675454

Summary: Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs.
