Remote HOST Header Attack Vulnerability in HPE CentralView Fraud Risk Management
CVE-2018-7068
6.1 MEDIUM
Key Information:
- Vendor: HP
- CVE Published: 6 August 2018
Summary
HPE CentralView Fraud Risk Management versions earlier than 6.1 are susceptible to a remote HOST header attack. This type of vulnerability can allow attackers to manipulate the behavior of the application by altering the HOST header in HTTP requests, potentially leading to unauthorized actions or information exposure. Users are urged to update to HF16 for HPE CV 6.1 or to any subsequent version to mitigate this risk.
Affected Version(s)
HPE CentralView Fraud Risk Management earlier than version CV 6.1
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved