What is the severity of CVE-2014-4803?

CVE-2014-4803 is classified as a high severity vulnerability due to potential for unauthorized HTTP response manipulation.

How do I fix CVE-2014-4803?

To fix CVE-2014-4803, upgrade IBM Curam Social Program Management to the latest patched version, specifically to 6.0 SP2 EP26 or later.

Who is affected by CVE-2014-4803?

CVE-2014-4803 affects users of IBM Curam Social Program Management versions 6.0 SP2 before EP26, among other specific versions.

What type of vulnerability is CVE-2014-4803?

CVE-2014-4803 is a CRLF injection vulnerability that can be exploited by remote authenticated users.

Can CVE-2014-4803 be exploited without authentication?

No, CVE-2014-4803 requires authentication for exploitation, limiting the attack vector to authenticated users.

Vulnerability/
CVE-2014-4803

low

3.5

CWE

13/2/2015

6/8/2024

CVE-2014-4803: CRLF Injection

First published: Fri Feb 13 2015(Updated: )

CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via an unspecified parameter.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Curam Social Program Management	<=6.0
IBM Curam Social Program Management	=6.0.4.0
IBM Curam Social Program Management	=6.0.4.1
IBM Curam Social Program Management	=6.0.4.2
IBM Curam Social Program Management	=6.0.4.3
IBM Curam Social Program Management	=6.0.4.4
IBM Curam Social Program Management	=6.0.4.5
IBM Curam Social Program Management	=6.0.5.0
IBM Curam Social Program Management	=6.0.5.1
IBM Curam Social Program Management	=6.0.5.2
IBM Curam Social Program Management	=6.0.5.3
IBM Curam Social Program Management	=6.0.5.4
IBM Curam Social Program Management	=6.0.5.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-4803?
CVE-2014-4803 is classified as a high severity vulnerability due to potential for unauthorized HTTP response manipulation.
How do I fix CVE-2014-4803?
To fix CVE-2014-4803, upgrade IBM Curam Social Program Management to the latest patched version, specifically to 6.0 SP2 EP26 or later.
Who is affected by CVE-2014-4803?
CVE-2014-4803 affects users of IBM Curam Social Program Management versions 6.0 SP2 before EP26, among other specific versions.
What type of vulnerability is CVE-2014-4803?
CVE-2014-4803 is a CRLF injection vulnerability that can be exploited by remote authenticated users.
Can CVE-2014-4803 be exploited without authentication?
No, CVE-2014-4803 requires authentication for exploitation, limiting the attack vector to authenticated users.

collector/nvd-index
agent/references
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/description
agent/tags
agent/event
agent/source
vendor/ibm
canonical/ibm curam social program management
version/ibm curam social program management/6.0
version/ibm curam social program management/6.0.4.0
version/ibm curam social program management/6.0.4.1
version/ibm curam social program management/6.0.4.2
version/ibm curam social program management/6.0.4.3
version/ibm curam social program management/6.0.4.4
version/ibm curam social program management/6.0.4.5
version/ibm curam social program management/6.0.5.0
version/ibm curam social program management/6.0.5.1
version/ibm curam social program management/6.0.5.2
version/ibm curam social program management/6.0.5.3
version/ibm curam social program management/6.0.5.4
version/ibm curam social program management/6.0.5.5