CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
IBM
Code Injection
Websphere Commerce
NVD
CVSS 2.0
5.0
EPSS
0.2%