Host Header Injection Vulnerability in Veritas Appliance by Veritas Technologies
CVE-2023-26788

6.1MEDIUM

Key Information:

Vendor
Veritas
Status
Netbackup Appliance Firmware
Vendor
CVE Published:
10 April 2023

Summary

Veritas Appliance version 4.1.0.1 is susceptible to host header injection attacks, wherein an attacker can manipulate the HTTP host header. This exploitation may lead to unpredictable behavior of the application by redirecting requests to unintended domains or IP addresses. Effective security measures should be implemented to mitigate this vulnerability and protect sensitive data from potential breaches.

References

https://github.com/IthacaLabs/Veritas-Technologies
https://github.com/IthacaLabs/Veritas-Technologies/blob/m...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-26788 : Host Header Injection Vulnerability in Veritas Appliance by Veritas Technologies | SecurityVulnerability.io