CVE-2014-6151

Published: Oct 25, 2014Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Affected (2)

Products: Ibm: Tivoli Integrated Portal

Ibm

1 product

Tivoli Integrated Portal

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Integrated Portal	Version 2.1
Ibm Tivoli Integrated Portal	Version 2.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://secunia.com/advisories/61899

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1PI27417

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21687541

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/70727

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/97033

Source: psirt@us.ibm.com

http://secunia.com/advisories/61899