CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
3.1 | $0-$5k | 0.00 |
A vulnerability was found in IBM Tivoli Integrated Portal 2.1 (Directory Service Software). It has been rated as problematic. This issue affects some unknown processing. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is integrity. The summary by CVE is:
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
The weakness was released 10/25/2014 by plonk (Website). The advisory is shared at xforce.iss.net. The identification of this vulnerability is CVE-2014-6151 since 09/02/2014. The attack may be initiated remotely. Required for exploitation is a simple authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.
The vulnerability is also documented in the vulnerability database at X-Force (97033). Entry connected to this vulnerability is available at 72702.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.5VulDB Meta Temp Score: 3.1
VulDB Base Score: 3.5
VulDB Temp Score: 3.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
09/02/2014 🔍10/22/2014 🔍
10/25/2014 🔍
10/25/2014 🔍
10/28/2014 🔍
03/27/2015 🔍
03/29/2018 🔍
Sources
Vendor: ibm.comAdvisory: xforce.iss.net
Researcher: plonk
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-6151 (🔍)
X-Force: 97033 - IBM Tivoli Integrated Portal HTTP Response Splitting vulnerability
SecurityFocus: 70727
Secunia: 61899 - IBM Tivoli Integrated Portal Cross-Site Scripting and HTTP Response Splitting Vulnerabilit, Less Critical
See also: 🔍
Entry
Created: 03/27/2015 12:07Updated: 03/29/2018 02:22
Changes: 03/27/2015 12:07 (54), 03/29/2018 02:22 (6)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.