RCE in Ibm Infosphere_biginsights

CVE-2013-3998

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.008 (50.8th percentile) — read the EPSS interpretation.

Affected products

Ibm Infosphere_biginsights — versions 1.1.0.0, 1.1.0.1, 1.1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

psirt@us.ibm.com (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)