2 matches found
Security Bulletin: IBM Cúram Universal Access is vulnerable to CRLF Injection attack when not deployed on IBM WebSphere. (CVE-2014-4803)
Summary: The Universal Access component of IBM Cúram Social Program Management, when not deployed on IBM WebSphere Application Server, is vulnerable to a CRLF injection attack; this is caused by improper sanitization/escaping of a parameter on one page. Vulnerability Details: CVEID: CVE-2014-4803 A...
CVE-2014-4803
IBM Cúram Universal Access (part of IBM Cúram Social Program Management) is vulnerable to a CRLF injection when not deployed on WebSphere, due to improper sanitization on a page parameter. A remote authenticated attacker could inject arbitrary HTTP headers and perform HTTP response splitting, pot...