HTTP Header Injection Vulnerability in IBM Control Center
CVE-2023-35894
6.1 MEDIUM
Summary
IBM Control Center versions 6.2.1 through 6.3.1 do not properly validate input in the HTTP Host header. Attackers can exploit this flaw to carry out malicious activities such as cross-site scripting (XSS), cache poisoning, and session hijacking. Proper safeguards and updates are essential to mitigate this risk.
Affected Version(s)
Control Center 6.2.1 through 6.3.1
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved