Lucene search
+L

292 matches found

NVD
NVD
added 2014/08/12 12:55 a.m.15 views

CVE-2014-3069

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management SPM 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecifie...

3.5CVSS6.6AI score0.00951EPSS
Exploits0References3
Prion
Prion
added 2014/08/12 12:55 a.m.13 views

Crlf injection

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management SPM 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecifie...

3.5CVSS7.1AI score0.00951EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/08/12 12:0 a.m.18 views

CVE-2014-3069

Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management SPM 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecifie...

6.6AI score0.00951EPSS
Exploits0References3
CVE
CVE
added 2014/08/12 12:0 a.m.39 views

CVE-2014-3069

Summary: CVE-2014-3069 affects IBM Cúram Universal Access (V6.0.5.5) when not deployed on IBM WebSphere. The root cause is improper sanitization of user-supplied data output into HTTP response header fields, enabling CRLF injection and potential session/credential exposure or HTTP Response Splitt...

3.5CVSS6.7AI score0.00951EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/06/18 4:55 p.m.17 views

CVE-2014-3013

Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...

3.5CVSS5.3AI score0.00936EPSS
Exploits0References3
NVD
NVD
added 2014/06/18 4:55 p.m.24 views

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

3.5CVSS6.6AI score0.00951EPSS
Exploits0References3
Prion
Prion
added 2014/06/18 4:55 p.m.13 views

Crlf injection

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

3.5CVSS7.1AI score0.00951EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/06/18 4:55 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...

3.5CVSS5.5AI score0.00936EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/06/18 4:0 p.m.48 views

CVE-2014-3012

CVE-2014-3012 affects IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4. The vulnerability is a CRLF injection allowing remote authenticated users to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified parameters to custom JSPs. Root cause is improper handl...

3.5CVSS6.8AI score0.00951EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/06/18 4:0 p.m.20 views

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

6.6AI score0.00951EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/06/18 4:0 p.m.24 views

CVE-2014-3013

Multiple cross-site scripting XSS vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a 1 custom JSP or 2 custom renderer...

5.3AI score0.00936EPSS
Exploits0References3
CVE
CVE
added 2014/06/18 4:0 p.m.47 views

CVE-2014-3013

Cúram Social Program Management is vulnerable to cross-site scripting (XSS) due to improper validation/sanitization of tags in custom JSPs or custom renderers that add text nodes to rendered content. A remote authenticated attacker can inject malicious scripts via crafted input to a custom JSP or...

3.5CVSS5.3AI score0.00936EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder