IBM70C851DC3C35219A4D503212696A22B5FDD0B2DB838BA08F1273AD7193401910Security Bulletin: IBM API Connect on cloud is impacted by HTTP header injection vulnerability (CVE-2020-4706)
EPSS
Percentile
25.9%
Summary
IBM API Connect on cloud (V5) has addressed the following vulnerability.
Vulnerability Details
CVEID:CVE-2020-4706
**DESCRIPTION:**IBM API Connect is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187194 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| API Connect on cloud | V5 |
Remediation/Fixes
No user action required.
Workarounds and Mitigations
None
Related
EPSS
Percentile
25.9%