CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1474

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-force ID: 140692.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2018-1474

Ibm » Bigfix Platform » Version: 9.2.0

cpe:2.3:a:ibm:bigfix_platform:9.2.0
Ibm » Bigfix Platform » Version: 9.2.1

cpe:2.3:a:ibm:bigfix_platform:9.2.1
Ibm » Bigfix Platform » Version: 9.2.10

cpe:2.3:a:ibm:bigfix_platform:9.2.10
Ibm » Bigfix Platform » Version: 9.2.11

cpe:2.3:a:ibm:bigfix_platform:9.2.11
Ibm » Bigfix Platform » Version: 9.2.12

cpe:2.3:a:ibm:bigfix_platform:9.2.12
Ibm » Bigfix Platform » Version: 9.2.13

cpe:2.3:a:ibm:bigfix_platform:9.2.13
Ibm » Bigfix Platform » Version: 9.2.14

cpe:2.3:a:ibm:bigfix_platform:9.2.14
Ibm » Bigfix Platform » Version: 9.2.2

cpe:2.3:a:ibm:bigfix_platform:9.2.2
Ibm » Bigfix Platform » Version: 9.2.3

cpe:2.3:a:ibm:bigfix_platform:9.2.3
Ibm » Bigfix Platform » Version: 9.2.4

cpe:2.3:a:ibm:bigfix_platform:9.2.4
Ibm » Bigfix Platform » Version: 9.2.5

cpe:2.3:a:ibm:bigfix_platform:9.2.5
Ibm » Bigfix Platform » Version: 9.2.6

cpe:2.3:a:ibm:bigfix_platform:9.2.6
Ibm » Bigfix Platform » Version: 9.2.7

cpe:2.3:a:ibm:bigfix_platform:9.2.7
Ibm » Bigfix Platform » Version: 9.2.8

cpe:2.3:a:ibm:bigfix_platform:9.2.8
Ibm » Bigfix Platform » Version: 9.2.9

cpe:2.3:a:ibm:bigfix_platform:9.2.9
Ibm » Bigfix Platform » Version: 9.5

cpe:2.3:a:ibm:bigfix_platform:9.5
Ibm » Bigfix Platform » Version: 9.5.0

cpe:2.3:a:ibm:bigfix_platform:9.5.0
Ibm » Bigfix Platform » Version: 9.5.1

cpe:2.3:a:ibm:bigfix_platform:9.5.1
Ibm » Bigfix Platform » Version: 9.5.2

cpe:2.3:a:ibm:bigfix_platform:9.5.2
Ibm » Bigfix Platform » Version: 9.5.3

cpe:2.3:a:ibm:bigfix_platform:9.5.3
Ibm » Bigfix Platform » Version: 9.5.4

cpe:2.3:a:ibm:bigfix_platform:9.5.4
Ibm » Bigfix Platform » Version: 9.5.5

cpe:2.3:a:ibm:bigfix_platform:9.5.5
Ibm » Bigfix Platform » Version: 9.5.6

cpe:2.3:a:ibm:bigfix_platform:9.5.6
Ibm » Bigfix Platform » Version: 9.5.7

cpe:2.3:a:ibm:bigfix_platform:9.5.7
Ibm » Bigfix Platform » Version: 9.5.8

cpe:2.3:a:ibm:bigfix_platform:9.5.8
Ibm » Bigfix Platform » Version: 9.5.9

cpe:2.3:a:ibm:bigfix_platform:9.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1474

Products

Pricing

Contact Us