Vulnerability Database

CVE-2021-29872

The Business Automation Studio component of IBM Cloud Pak for Automation 21.0.1 and 21.0.2 is vulnerable to HTTP header injection, caused by improper validation of input in the HTTP Host header. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject an HTTP Host header, which allows the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking. IBM X-Force ID: 206228.

  • Published: Jan 18, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-29872
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

Affected software:

Software                        From                   Fixed in
ibm / cloud_pak_for_automation  -                      21.0.2
ibm / cloud_pak_for_automation  21.0.2                 21.0.2.x
ibm / cloud_pak_for_automation  21.0.2-interim_fix001  21.0.2-interim_fix001.x
ibm / cloud_pak_for_automation  21.0.2-interim_fix002  21.0.2-interim_fix002.x
ibm / cloud_pak_for_automation  21.0.2-interim_fix003  21.0.2-interim_fix003.x
ibm / cloud_pak_for_automation  21.0.2-interim_fix004  21.0.2-interim_fix004.x
ibm / cloud_pak_for_automation  21.0.2-interim_fix005  21.0.2-interim_fix005.x
ibm / cloud_pak_for_automation  21.0.2-interim_fix006  21.0.2-interim_fix006.x
ibm / cloud_pak_for_automation  21.0.1                 21.0.1.x
ibm / cloud_pak_for_automation  -                      21.0.1
ibm / cloud_pak_for_automation  21.0.1-interim_fix001  21.0.1-interim_fix001.x
ibm / cloud_pak_for_automation  21.0.1-interim_fix002  21.0.1-interim_fix002.x
ibm / cloud_pak_for_automation  21.0.1-interim_fix003  21.0.1-interim_fix003.x
ibm / cloud_pak_for_automation  21.0.1-interim_fix004  21.0.1-interim_fix004.x
ibm / cloud_pak_for_automation  21.0.1-interim_fix005  21.0.1-interim_fix005.x
ibm / cloud_pak_for_automation  21.0.1-interim_fix006  21.0.1-interim_fix006.x