CVE-2024-40686
Published: 23 July 2025
Summary
CVE-2024-40686 is a medium-severity Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644) vulnerability in IBM SmartCloud Analytics - Log Analysis. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked at the 31.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54813
Vulnerability details
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.