CVE-2018-1943

CWE-744 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 68.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud Private

Timeline

PublishedApr 8

Latest updateMay 13

Description

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/cloud_private3.1.0, 3.1.1+1

▶NVDibm/cloud_private3.1.0, 3.1.1+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-74v2-5mpp-xhc7: IBM Cloud Private 3↗2022-05-13

▶

CVEList

CVE-2018-1943: IBM Cloud Private 3↗2019-04-08

▶

💥Exploits & PoCs

Exploit-DB

Kentico CMS 11.0 - Buffer Overflow↗2018-01-12

▶