CVE-2018-1474 is a vulnerability in IBM Bigfix Platform

CVE-2018-1474 is a vulnerability in IBM Bigfix Platform
Published on December 12, 2018

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692.

Products Associated with CVE-2018-1474

Want to know whenever a new CVE is published for IBM Bigfix Platform? stack.watch will email you.

Affected Versions

Version 9.5.9 is affected.

Version 9.2.0 is affected.

Version 9.2.14 is affected.

Version 9.5.0 is affected.

Exploit Probability

EPSS

0.19%

Percentile

40.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1474 is a vulnerability in IBM Bigfix PlatformPublished on December 12, 2018

Products Associated with CVE-2018-1474

Affected Versions

Exploit Probability

CVE-2018-1474 is a vulnerability in IBM Bigfix Platform
Published on December 12, 2018