{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "59257", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59257"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"name": "ibm-curam-cve20143012-crlf-injection(93010)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3012", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "59257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59257"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"name": "ibm-curam-cve20143012-crlf-injection(93010)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:28:46.394Z"}, "title": "CVE Program Container", "references": [{"name": "59257", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59257"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"name": "ibm-curam-cve20143012-crlf-injection(93010)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3012", "datePublished": "2014-06-18T16:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A64B23F-E318-4506-946D-F30BB453282E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:5.2:sp4:*:*:*:*:*:*", "matchCriteriaId": "8634A1FB-ECD1-45A7-9186-37EB6974EDD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDD18D50-AEBC-4131-B89F-F2A74501E0A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8540059F-8E22-4684-B161-B3EC5996286E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEFDBB0F-A8C9-40DF-81CF-799D034D2EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB8E3B08-7171-414D-8A41-14C9E18B1BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "940271A7-2CC3-4A34-BB5A-D9F4D45A7895", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2F3FDC1-B49D-46DD-B9F7-DCE3F1FD4B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "13AA664F-BCD8-4CED-A201-E2543D437E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6711519-4E7D-4782-8372-7996C24E50D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "17929DC8-0E48-4BF4-AAFE-6463C8540FF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FD3FF4C-C12A-4CBC-8983-85929C5D121E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE6D88C-92CF-415E-978C-0107C4C4C52C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB928C52-91BB-43A6-B25F-F359F05F1388", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "25DE6951-4C91-4443-843C-805D416F4074", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en IBM Curam Social Program Management 5.2 SP1 hasta 6.0.5.4 permiten a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de par\u00e1metros no especificados en custom JSPs."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')\"", "id": "CVE-2014-3012", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-18T16:55:07.687", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59257"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93010"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}