CVE-2020-5019
First published: Thu Jan 07 2021(Updated: )
IBM Spectrum Protect Plus is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | <=10.1.0-10.1.6 | |
| IBM Spectrum Protect Plus | >=10.1.0<10.1.7 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5019?
CVE-2020-5019 is a vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 that allows for HTTP header injection.
How does the vulnerability in CVE-2020-5019 occur?
The vulnerability in CVE-2020-5019 occurs due to improper validation of input by the HOST headers in IBM Spectrum Protect Plus.
What is the impact of CVE-2020-5019?
An attacker exploiting CVE-2020-5019 can inject HTTP HOST header, potentially leading to various attacks.
How can I fix the vulnerability in CVE-2020-5019?
IBM has released a patch to address the vulnerability in CVE-2020-5019, so users should update to a version higher than 10.1.6.
Where can I find more information about CVE-2020-5019?
More information about CVE-2020-5019 can be found on the IBM X-Force Exchange website and the official IBM support page.
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0-10.1.6
- version/ibm spectrum protect plus/10.1.0
- vendor/linux
- canonical/linux linux kernel