CVE-2023-36921

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-644
View all →

Vulnerability Description

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

Related Vulnerabilities

CVE-2021-21265

HIGH
CVSS:7.5(High)

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any requ...

CWE-6442021

CVE-2024-1064

HIGH
CVSS:7.5(High)

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host he...

CWE-6442024

CVE-2022-22399

MEDIUM
CVSS:6.5(Medium)

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against th...

CWE-6442022

CVE-2021-20784

MEDIUM
CVSS:6.1(Medium)

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

CWE-6442021

CVE-2022-45102

MEDIUM
CVSS:6.1(Medium)

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting ...

CWE-6442022

CVE-2023-35894

MEDIUM
CVSS:6.1(Medium)

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks again...

CWE-6442023