CVE-2023-47143

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-644
View all →

Vulnerability Description

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.

Related Vulnerabilities

CVE-2024-39736

CRITICAL
CVSS:9.8(Critical)

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct ...

CWE-6442024

CVE-2017-6031

HIGH
CVSS:8.8(High)

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may all...

CWE-6442017

CVE-2020-6982

HIGH
CVSS:8.8(High)

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.

CWE-6442020

CVE-2023-32465

HIGH
CVSS:8.8(High)

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery...

CWE-6442023

CVE-2024-39736

CRITICAL
CVSS:9.8(Critical)

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct ...

CWE-6442024

CVE-2017-6031

HIGH
CVSS:8.8(High)

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may all...

CWE-6442017