CVE-2021-29854 vulnerability in IBM Products
Published on May 3, 2022

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680.

NVD

Products Associated with CVE-2021-29854

stack.watch emails you whenever new vulnerabilities are published in IBM Maximo Asset Management or IBM Maximo Application Suite. Just hit a watch button to start following.

IBM Maximo Asset Management

IBM Maximo Application Suite

Affected Versions

IBM Maximo Asset Management:

Version 7.6.1.1 is affected.
Version 7.6.1.2 is affected.

Exploit Probability

EPSS

0.06%

Percentile

17.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-29854 vulnerability in IBM ProductsPublished on May 3, 2022

Products Associated with CVE-2021-29854

Affected Versions

Exploit Probability

CVE-2021-29854 vulnerability in IBM Products
Published on May 3, 2022