Vulnerability Details: CVE-2014-3069
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.
Exploit prediction scoring system (EPSS) score for CVE-2014-3069
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~39%
CVSS scores for CVE-2014-3069
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST |
References for CVE-2014-3069
- http://www-01.ibm.com/support/docview.wss?uid=swg21681213
  IBM Security Bulletin: IBM Cúram Universal Access V6.0.5.5 can be vulnerable to CRLF Injection attack (CVE-2014-3069)
  Patch; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94839
  IBM Curam Social Program Management cross-site request forgery CVE-2014-3069 Vulnerability Report
Products affected by CVE-2014-3069
- cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*