CVE-2019-4552

3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 64.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access ManagerIBM Security Verify Access
Timeline
PublishedOct 15
Latest updateMay 24

Description

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDibm/security_verify_access10.0.010.0.0.1
NVDibm/security_access_manager9.0.7.09.0.7.2
CVEListV5ibm/security_verify_access10.0.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-5g4v-ppfj-47wj: IBM Security Access Manager 92022-05-24
CVEList
CVE-2019-4552: IBM Security Access Manager 92020-10-15
CVE-2019-4552 (MEDIUM CVSS 6.1) | IBM Security Access Manager 9.0.7 a | cvebase.io