CVE-2020-5019
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655.
IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, son vulnerables a una inyección de encabezado HTTP, causada por una comprobación inapropiada de la entrada por medio de los encabezados HOST. Mediante el envío de una petición HTTP especialmente diseñada, un atacante remoto podría explotar esta vulnerabilidad para inyectar un encabezado HTTP HOST, lo que permitirá al atacante conducir varios ataques contra el sistema vulnerable, incluyendo cross-site scripting, envenenamiento de caché o secuestro de sesiones.  IBM X-Force ID: 193655
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-30 CVE Reserved
- 2021-01-08 CVE Published
- 2024-01-12 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.ibm.com/support/pages/node/6398754 | 2021-01-11 |
URL | Date | SRC |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/193655 | 2021-01-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Spectrum Protect Plus Search vendor "Ibm" for product "Spectrum Protect Plus" | >= 10.1.0 < 10.1.7 Search vendor "Ibm" for product "Spectrum Protect Plus" and version " >= 10.1.0 < 10.1.7" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|