Vulnerabilities > CVE-2014-3026 - Remote Security vulnerability in SmartCloud Control Desk

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
ibm

Summary

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/93.html" target="_blank">CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>