Cross site scripting

2022-01-1817:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228.

CPENameOperatorVersion
cloud_pak_for_automationlt21.0.2
cloud_pak_for_automationeq21.0.2
cloud_pak_for_automationeq21.0.2 interim-fix1
cloud_pak_for_automationeq21.0.2 interim-fix2
cloud_pak_for_automationeq21.0.2 interim-fix3
cloud_pak_for_automationeq21.0.2 interim-fix4
cloud_pak_for_automationeq21.0.2 interim-fix5
cloud_pak_for_automationeq21.0.2 interim-fix6
cloud_pak_for_automationeq21.0.1
cloud_pak_for_automationlt21.0.1

Name	Operator	Version
cloud_pak_for_automation	lt	21.0.2
cloud_pak_for_automation	eq	21.0.2
cloud_pak_for_automation	eq	21.0.2 interim-fix1
cloud_pak_for_automation	eq	21.0.2 interim-fix2
cloud_pak_for_automation	eq	21.0.2 interim-fix3
cloud_pak_for_automation	eq	21.0.2 interim-fix4
cloud_pak_for_automation	eq	21.0.2 interim-fix5
cloud_pak_for_automation	eq	21.0.2 interim-fix6
cloud_pak_for_automation	eq	21.0.1
cloud_pak_for_automation	lt	21.0.1