CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
IBM
Code Injection
RCE
Websphere Portal
NVD
CVSS 2.0
3.5
EPSS
0.2%