MEDIUM🇬🇧 English

CVE-2026-4096

CVSS 6.5v3.1pub. 2026-06-11upd. 2026-06-16

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • IBM Devops Plan

    APP
    Ibm
    3.0.0 – 3.0.7 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-36363MEDIUM5.9ten sam produkt

IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attac...

CVE-2025-36364MEDIUM6.2ten sam produkt

IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another us...

CVE-2022-47986CRITICAL9.8⚠ KEVten sam vendor

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2020-4427CRITICAL9.8⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...

CVE-2020-4428CRITICAL9.1⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute ar...