CVE-2025-14807

Published: Mar 25, 2026 Last Modified: Mar 25, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

644

Improper Neutralization of HTTP Headers for Scripting Syntax

Incomplete

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Read Application Data

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

https://www.ibm.com/support/pages/node/7267526

CVE-2025-14807

Description

Improper Neutralization of HTTP Headers for Scripting Syntax

Common Consequences

Applicable Platforms

Iscriviti alla newsletter