CVE-2013-3998Code Injection in IBM Infosphere Biginsights

CWE-94Code Injection3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 62.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Infosphere Biginsights
Timeline
PublishedMar 26
Latest updateMay 17

Description

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDibm/infosphere_biginsights10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-8h4m-p2hq-jw7x: CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 12022-05-17
CVEList
CVE-2013-3998: CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 12014-03-26
CVE-2013-3998 — Code Injection in IBM | cvebase