Lucene search
PRIOn knowledge basePRION:CVE-2021-38997HistoryDec 12, 2022 - 9:15 a.m.
Cross site scripting
2022-12-1209:15:00
PRIOn knowledge base
www.prio-n.com
3
ibm api connect
vulnerable
http header injection
cross-site scripting
cache poisoning
session hijacking
ibm x-force id 213212
IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213212.
| CPE | Name | Operator | Version |
|---|---|---|---|
| api_connect | ge | 10.0.1.0 | |
| api_connect | le | 10.0.1.7 | |
| api_connect | ge | 10.0.0.0 | |
| api_connect | le | 10.0.5.0 | |
| api_connect | ge | 2018.4.1.0 | |
| api_connect | le | 2018.4.1.19 |
Related
cve
cve
CVE-2021-38997
2022-12-12 09:15:11
cvelist
cvelist
CVE-2021-38997 IBM API Connect HOST header injection
2022-12-01 17:00:59
ibm
ibm
nvd
nvd
CVE-2021-38997
2022-12-12 09:15:11