CVE-2014-9564

MEDIUM

IBM Flex System EN6131-IB6131 40Gb - CRLF Injection

Description

CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks, resulting in web cache poisoning or cross-site scripting (XSS) attacks, or to obtain sensitive information, via multiple unspecified parameters.

Scores

CVSS v3 6.1
EPSS 0.0021
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-93
Status published
Products (2)
ibm/en6131_firmware
ibm/ib6131_firmware
Published Aug 25, 2017
Tracked Since Feb 18, 2026