CVE-2014-3026

4 documents4 sources
Severity
3.5LOW
EPSS
0.2%
top 61.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
IBM Maximo Asset ManagementIBM Maximo Asset Management EssentialsIBM Maximo Industry Solutions+1 more
Timeline
PublishedJul 29
Latest updateMay 17

Description

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages4 packages

NVDibm/maximo_asset_management7 versions+6
NVDibm/smartcloud_control_desk8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-ffhw-273c-5fxw: CRLF injection vulnerability in IBM Maximo Asset Management 72022-05-17
CVEList
CVE-2014-3026: CRLF injection vulnerability in IBM Maximo Asset Management 72014-07-29

💥Exploits & PoCs

1
Exploit-DB
AirLive (Multiple Products) - OS Command Injection2015-07-08
CVE-2014-3026 (LOW CVSS 3.5) | CRLF injection vulnerability in IBM | cvebase.io