CVE-2019-4552 - IBM Security Access Manager and IBM Security Verify Access

October 15, 2020

Moderate 6.1

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 165960.

Affected software

IBM Security Access Manager

IBM Security Verify Access

Reference links

https://exchange.xforce.ibmcloud.com/vulnerabilities/165960
https://www.ibm.com/support/pages/node/6348046

CVE-2019-4552 - IBM Security Access Manager and IBM Security Verify Access

Affected software

Reference links

Get alerted to vulnerabilities in your software