IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2021-08-17T13:55:12.216858Z
Updated: 2024-09-16T20:43:10.370Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4706
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-17T14:15:07.323
Modified: 2024-11-21T05:33:09.480
Link: CVE-2020-4706
Redhat
No data.