Impact
IBM DevOps Plan versions 3.0.0 through 3.0.6 are vulnerable to HTTP Host header injection: the application does not properly validate or sanitize the Host header before using it. An attacker who can reach the instance can supply a crafted Host value, potentially leading to cross-site scripting, cache poisoning, or session hijacking against the vulnerable system and its users.
Affected Systems
The affected product is IBM DevOps Plan, versions 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, and 3.0.6. Versions below 3.0.0 and above 3.0.6 do not appear in the supplied affected-version list; confirm against IBM's advisory before treating them as unaffected.
Risk and Exploitability
The CVSS score of 6.5 places the issue at medium severity. No EPSS score is available, so the probability of exploitation cannot be quantified, and the vulnerability is not listed in CISA KEV. Exploitation most likely requires only network access to the IBM DevOps Plan instance: the attacker sends an HTTP request whose Host header carries attacker-controlled content and relies on the application reusing that value, for example in generated links or in responses that a cache stores. From there the attacker could inject script, serve poisoned cached content, or hijack user sessions, affecting the confidentiality and integrity of the application and its users.
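The advisory does not say where IBM DevOps Plan reuses the Host value, so the following Python is an added illustration of the generic defect class, not code from IBM or from this page. It models an application that builds absolute links (for example a password-reset link) from the Host header, shows the crafted request an attacker would send, and places the vulnerable construction beside a hardened one that validates Host against an allowlist. The hostnames plan.example.com, plan-internal.example.com and attacker.example, the sample request, and the function names are all assumptions for the example.

```python
"""Host header injection: vulnerable versus hardened link construction.

Added example, not IBM DevOps Plan code. It models the generic pattern
the advisory describes: an application trusts the client-supplied Host
header and copies it into content it generates.
"""
from typing import Optional
from urllib.parse import urlsplit

# Hostnames this deployment legitimately serves (assumed for the example).
ALLOWED_HOSTS = {"plan.example.com", "plan-internal.example.com"}

# Constructed request headers as a reverse proxy would hand them to the app.
# Only the Host value is attacker-controlled.
GOOD_REQUEST = {"Host": "plan.example.com", "X-Forwarded-Proto": "https"}
EVIL_REQUEST = {"Host": "attacker.example", "X-Forwarded-Proto": "https"}

# The crafted request itself, as an attacker would send it on the wire
# (constructed sample; the path and token are placeholders).
CRAFTED_REQUEST = (
    b"GET /reset?token=abc HTTP/1.1\r\n"
    b"Host: attacker.example\r\n"
    b"\r\n"
)


def host_from_raw(raw: bytes) -> Optional[str]:
    """Pull the Host header out of a raw HTTP/1.1 request head."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("latin-1")
    return None


def build_link_vulnerable(headers: dict, path: str) -> str:
    """Vulnerable: whatever the client put in Host lands in the link."""
    scheme = headers.get("X-Forwarded-Proto", "http")
    return f"{scheme}://{headers['Host']}{path}"


def normalise_host(value: str) -> Optional[str]:
    """Return the lower-cased hostname from a Host value, or None if the
    value is not a single well-formed host[:port].

    Rejects embedded whitespace (header injection), userinfo such as
    'good@evil', trailing path/query/fragment, and non-numeric ports.
    """
    if not value or any(c.isspace() for c in value):
        return None
    try:
        parts = urlsplit(f"//{value}")
        parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if (
        parts.hostname is None
        or parts.username is not None
        or parts.password is not None
        or parts.path
        or parts.query
        or parts.fragment
    ):
        return None
    return parts.hostname.lower()


def is_host_allowed(value: str) -> bool:
    """Exact-match allowlist check; suffix tricks like
    plan.example.com.attacker.example do not pass."""
    host = normalise_host(value)
    return host is not None and host in ALLOWED_HOSTS


def build_link_hardened(headers: dict, path: str) -> str:
    """Hardened: refuse the request unless Host is one of ours, and build
    the link from the validated, normalised name rather than the raw header."""
    raw_host = headers.get("Host", "")
    if not is_host_allowed(raw_host):
        raise ValueError(f"Host header not in allowlist: {raw_host!r}")
    return f"https://{normalise_host(raw_host)}{path}"


if __name__ == "__main__":
    path = "/reset?token=abc"
    print("attacker sent Host:", host_from_raw(CRAFTED_REQUEST))
    print("vulnerable link:   ", build_link_vulnerable(EVIL_REQUEST, path))
    print("hardened link:     ", build_link_hardened(GOOD_REQUEST, path))
    try:
        build_link_hardened(EVIL_REQUEST, path)
    except ValueError as exc:
        print("hardened rejected: ", exc)
```

The vulnerable function is what makes the crafted request dangerous: a reset link, redirect, or cached page built this way points every recipient at attacker.example. The hardened version keeps the check separate from the use so the same `is_host_allowed` predicate can sit in middleware and reject unexpected Host values for every route, which is the usual fix rather than sanitising the value per call site.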
OpenCVE Enrichment