CVE-2014-3069 : Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.

Published 2014-08-12 00:55:04

Updated 2017-08-29 01:34:38

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-3069

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 39 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-3069

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2014-3069

http://www-01.ibm.com/support/docview.wss?uid=swg21681213

IBM Security Bulletin: IBM Cúram Universal Access V6.0.5.5 can be vulnerable to CRLF Injection attack (CVE-2014-3069)
Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/94839

IBM Curam Social Program Management cross-site request forgery CVE-2014-3069 Vulnerability Report

Products affected by CVE-2014-3069

IBM » Curam Social Program Management » Version: 6.0.5.5
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-3069

Exploit prediction scoring system (EPSS) score for CVE-2014-3069

CVSS scores for CVE-2014-3069

References for CVE-2014-3069

Products affected by CVE-2014-3069