CVE-2024-51454 | IBM Engineering Workflow Management 7.0.2 through 7.0.2 Inte… | CVSS 6.5 MEDIUM

Description

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Metadata

CVE ID: CVE-2024-51454
State: PUBLISHED
Assigner: ibm
Reserved: 2024-10-28 10:49 UTC
Published: 2026-06-22 14:33 UTC
Last updated: 2026-06-22 17:50 UTC
Primary CWE: CWE-644
CWE-644 Improper Neutralization of HTTP Headers for Scriptin…
Vendor / Product: IBM / Engineering Workflow Management
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
IBM	Engineering Workflow Management	—	7.0.2 ≤ 7.0.2 Interim Fix 035, 7.0.3 ≤ 7.0.3 Interim Fix 017, 7.1 ≤ 7.1 Interim Fix 004

Weakness (CWE)

CWE	Source	Description
CWE-644	cna	CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (1)

https://www.ibm.com/support/pages/node/7276371