CVE-2024-51454— IBM Engineering Workflow Management 主机头注入漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-51454 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
对HTTP头部进行脚本语法转义处理不恰当
来源: 美国国家漏洞数据库 NVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| IBM | Engineering Workflow Management | 7.0.2 ~ 7.0.2 Interim Fix 035 | cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:*:*:*:*:*:*:* |
二、漏洞 CVE-2024-51454 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-51454 的情报信息
请登录查看更多情报信息。
CVE-2024-51454 其他参考 (1)
同批安全公告 · IBM · 2026-06-22 · 共 21 条
| CVE-2026-10561 | 10.0 CRITICAL | Langflow OSS PythonREPLComponent 远程代码执行漏洞 |
| CVE-2026-7664 | 9.8 CRITICAL | Langflow OSS Webhook端点未授权流程执行漏洞 |
| CVE-2026-12628 | 9.1 CRITICAL | IBM Storage Protect Snapshot Windows 硬编码凭据导致越权 |
| CVE-2026-9072 | 8.1 HIGH | IBM WebSphere Application Server Liberty拒绝服务、HTTP请求走私及远程代码执行漏洞 |
| CVE-2026-9071 | 7.5 HIGH | IBM WebSphere Application Server 不受控资源消耗漏洞 |
| CVE-2026-8858 | 7.5 HIGH | IBM WebSphere Application Server Liberty 远程代码执行漏洞 |
| CVE-2026-9006 | 7.4 HIGH | IBM WebSphere Application Server 服务端请求伪造漏洞 |
| CVE-2026-8646 | 7.4 HIGH | IBM WebSphere Application Server 多个漏洞 |
| CVE-2024-54178 | 6.5 MEDIUM | IBM Db2 on Cloud Pak for Data 多个漏洞 |
| CVE-2026-8059 | 6.1 MEDIUM | IBM Datacap 多个漏洞 |
| CVE-2025-2669 | 6.0 MEDIUM | IBM Db2 on Cloud Pak for Data 多个漏洞 |
| CVE-2026-9320 | 5.9 MEDIUM | IBM WebSphere Application Server 多种漏洞 |
| CVE-2026-10852 | 5.9 MEDIUM | IBM WebSphere Liberty拒绝服务漏洞 |
| CVE-2026-8636 | 5.5 MEDIUM | IBM Datacap 多个漏洞 |
| CVE-2026-11372 | 5.4 MEDIUM | IBM TRIRIGA 跨站脚本漏洞 |
| CVE-2025-33128 | 5.4 MEDIUM | IBM Engineering Lifecycle Management 远程代码执行漏洞 |
| CVE-2023-33854 | 5.3 MEDIUM | IBM Db2 Cloud Pak for Data 多个漏洞 |
| CVE-2026-7253 | 5.3 MEDIUM | IBM Sterling File Gateway SSRF漏洞 |
| CVE-2026-9610 | 2.3 LOW | IBM Datacap 多个漏洞 |
| CVE-2026-10845 | IBM WebSphere Application Server 身份验证绕过漏洞 |
IV. Related Vulnerabilities
Same product: Engineering Workflow Management
V. Comments for CVE-2024-51454
暂无评论