Skip to main content

Engineering Workflow Management CVE-2024-51454

| EUVDEUVD-2024-55644 MEDIUM
Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)
2026-06-22 ibm GHSA-5m2m-hj2m-4xvr
6.1
CVSS 3.1 · NVD
Share

Severity by source

Vendor (ibm) PRIMARY
MEDIUM
qualitative
NVD
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (ibm).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
CVSS changed
Jun 26, 2026 - 20:07 NVD
6.5 (MEDIUM) 6.1 (MEDIUM)
CVE Published
Jun 22, 2026 - 14:33 nvd
MEDIUM 6.1

DescriptionNVD

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

AnalysisAI

IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-644. IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. Affected products include: Ibm Engineering Workflow Management. Version information: through 7.0.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-29844 HIGH
8.8 Oct 27

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this

CVE-2021-29774 HIGH
7.5 Oct 27

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configuratio

CVE-2021-20502 HIGH
7.1 Mar 30

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. R

CVE-2021-29786 MEDIUM
6.5 Oct 27

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated me

CVE-2025-33128 MEDIUM
5.4 Jun 22

Stored cross-site scripting in IBM Engineering Workflow Management's Web UI enables an authenticated low-privileged atta

CVE-2024-28793 MEDIUM
5.4 May 28

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Rated medium severity

CVE-2021-29673 MEDIUM
5.4 Oct 27

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerabili

CVE-2021-20507 MEDIUM
5.4 Jul 19

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4

CVE-2021-20519 MEDIUM
5.4 Apr 12

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerabili

CVE-2021-20520 MEDIUM
5.4 Mar 30

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerabilit

CVE-2021-20518 MEDIUM
5.4 Mar 30

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerabilit

CVE-2021-20506 MEDIUM
5.4 Mar 30

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerabilit

Share

CVE-2024-51454 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy