CVE-2021-29872

Published: Jan 18, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228.

Affected (16)

Products: Ibm: Cloud Pak For Automation

Ibm

1 product

Cloud Pak For Automation

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Cloud Pak For Automation	Before 21.0.2
Ibm Cloud Pak For Automation	Version 21.0.2
Ibm Cloud Pak For Automation	Version 21.0.2 interim_fix001
Ibm Cloud Pak For Automation	Version 21.0.2 interim_fix002
Ibm Cloud Pak For Automation	Version 21.0.2 interim_fix003
Ibm Cloud Pak For Automation	Version 21.0.2 interim_fix004
Ibm Cloud Pak For Automation	Version 21.0.2 interim_fix005
Ibm Cloud Pak For Automation	Version 21.0.2 interim_fix006

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Cloud Pak For Automation	Before 21.0.1
Ibm Cloud Pak For Automation	Version 21.0.1
Ibm Cloud Pak For Automation	Version 21.0.1 interim_fix001
Ibm Cloud Pak For Automation	Version 21.0.1 interim_fix002
Ibm Cloud Pak For Automation	Version 21.0.1 interim_fix003
Ibm Cloud Pak For Automation	Version 21.0.1 interim_fix004
Ibm Cloud Pak For Automation	Version 21.0.1 interim_fix005
Ibm Cloud Pak For Automation	Version 21.0.1 interim_fix006