IBM Control Center HTTP Host Header Injection Vulnerability

Vulnerability

A vulnerability allowing HTTP header injection has been identified in IBM Control Center versions 6.2.1 prior to 6.3.1. The issue arises from inadequate validation of the HTTP Host header, potentially enabling attackers to perform actions such as cross-site scripting, cache poisoning, or session hijacking.
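
The kind of Host header validation whose absence is described above, as an added example (not IBM's code or its fix). The hostnames, ports and function names are constructed assumptions for illustration.

```python
import re

# Assumed deployment values (constructed): names and ports the service is served on.
ALLOWED_HOSTS = {"cc.example.internal", "controlcenter.example.com"}
ALLOWED_PORTS = {None, 443, 8443}
CANONICAL_HOST = "cc.example.internal"

# host[:port] with hostname characters only; anything else (CR/LF, quotes,
# angle brackets, spaces, userinfo) fails the full match.
_HOST_RE = re.compile(
    r"(?P<host>[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?)"
    r"(?::(?P<port>[0-9]{1,5}))?"
)


def validate_host(host_values):
    """Return the normalised 'host[:port]' if acceptable, else None.

    host_values is the list of every Host header value on the request, so a
    missing or duplicated header can be rejected instead of silently merged.
    """
    if len(host_values) != 1:
        return None
    match = _HOST_RE.fullmatch(host_values[0])
    if match is None:
        return None
    host = match.group("host").lower()
    port = int(match.group("port")) if match.group("port") else None
    if host not in ALLOWED_HOSTS or port not in ALLOWED_PORTS:
        return None
    return host if port is None else f"{host}:{port}"


def absolute_url(host_values, path):
    """Build a link from the validated host, never from the raw header.

    Falling back to a configured canonical name keeps an unexpected Host value
    out of generated links, redirects and cached responses.
    """
    host = validate_host(host_values) or CANONICAL_HOST
    return f"https://{host}{path}"


if __name__ == "__main__":
    print(validate_host(["CC.Example.Internal:8443"]))
    print(absolute_url(["unlisted.example.net"], "/login"))
```

A front-end that rejects the request outright when `validate_host` returns `None` is stricter than falling back; the fallback in `absolute_url` only covers code paths that must still produce a link.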

Impact

Exploitation of this vulnerability could lead to HTTP header injection, allowing for cross-site scripting, cache poisoning, or session hijacking.

Remediation

Users can upgrade to IBM Sterling Control Center version 6.3.1.0 iFix04 or version 6.2.1.0 iFix15. Instructions for downloading these versions are available on Fix Central.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 1.7
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.