Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Curam Social Program Management Universal Access组件CRLF注入漏洞
Vulnerability Description
IBM Curam Social Program Management(SPM)是美国IBM公司的一套社会计划管理解决方案,它支持终端到终端社会项目交付的过程。Universal Access是其中的一个通用访问组件。 IBM Curam SPM的Universal Access组件的实现过程中存在CRLF注入漏洞,该漏洞源于程序没有充分过滤参数。当程序没有使用WebSphere Application Server时,远程攻击者可利用该漏洞插入任意HTTP头,实施HTTP响应拆分攻击。以下版本受到影响:
CVSS Information
N/A
Vulnerability Type
N/A