CVE-2019-4216 — Injection in IBM Smartcloud Analytics LOG Analysis
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 74.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 22
Latest updateMay 24
Description
IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5