CVE-2021-29854 vulnerability in IBM Products
Published on May 3, 2022
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.
Products Associated with CVE-2021-29854
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-29854 are published in these products:
Affected Versions
IBM Maximo Asset Management:- Version 7.6.1.1 is affected.
- Version 7.6.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.