Vulnerability Description
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Curam Social Program Management | 6.0.5.5 |
References
- http://secunia.com/advisories/59688
- http://www-01.ibm.com/support/docview.wss?uid=swg21681213PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94839
- http://secunia.com/advisories/59688
- http://www-01.ibm.com/support/docview.wss?uid=swg21681213PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94839
FAQ
What is CVE-2014-3069?
CVE-2014-3069 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticate...
How severe is CVE-2014-3069?
CVE-2014-3069 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3069?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Curam Social Program Management.