{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T18:29:07.724","vulnerabilities":[{"cve":{"id":"CVE-2019-4186","sourceIdentifier":"psirt@us.ibm.com","published":"2019-09-05T15:15:12.970","lastModified":"2024-11-21T04:43:17.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-force ID: 158976."},{"lang":"es","value":"Jazz for Service Management de IBM versión 1.1.3  es vulnerable a la inyección de cabeceras HTTP causado por una confianza incorrecta en el encabezado HTTP Host durante el almacenamiento en caché. Al enviar una solicitud HTTP GET especialmente diseñada, un atacante remoto podría aprovechar esta vulnerabilidad para inyectar encabezados HTTP arbitrarios, lo que permitirá al atacante realizar varios ataques contra el sistema vulnerable, incluyendo secuencias de comandos entre sitios, envenenamiento de caché o secuestro de sesión. ID de IBM X-force: 158976."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV30":[{"source":"psirt@us.ibm.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A4D61491-0785-4193-A828-2177AFB81380"}]}]}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/158976","source":"psirt@us.ibm.com","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://supportcontent.ibm.com/support/pages/node/1071966","source":"psirt@us.ibm.com","tags":["Permissions Required"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/158976","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry","Vendor Advisory"]},{"url":"https://supportcontent.ibm.com/support/pages/node/1071966","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}