HTTP Header Injection Vulnerability in IBM Aspera Console
CVE-2022-43847
5.4MEDIUM
Summary
IBM Aspera Console versions 3.4.0 to 3.4.4 are susceptible to HTTP header injection due to insufficient validation of user input in HOST headers. This vulnerability can be exploited by attackers to perform various malicious actions including cross-site scripting (XSS), cache poisoning, and session hijacking, potentially compromising the integrity and confidentiality of the affected systems.
Affected Version(s)
Aspera Console 3.4.0 <= 3.4.4
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved