CVE-2023-32465

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-644
View all →

Vulnerability Description

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

Related Vulnerabilities

CVE-2017-6031

HIGH
CVSS:8.8(High)

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may all...

CWE-6442017

CVE-2020-6982

HIGH
CVSS:8.8(High)

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.

CWE-6442020

CVE-2023-47143

CRITICAL
CVSS:9.8(Critical)

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an att...

CWE-6442023

CVE-2024-39736

CRITICAL
CVSS:9.8(Critical)

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct ...

CWE-6442024

CVE-2021-21265

HIGH
CVSS:7.5(High)

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any requ...

CWE-6442021

CVE-2024-1064

HIGH
CVSS:7.5(High)

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host he...

CWE-6442024