CVE-2025-23191

LOW Year: 2025
CVSS v3 Score
3.1
Low
Weakness Type
CWE-644
View all →

Vulnerability Description

Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application.

Related Vulnerabilities

CVE-2024-21499

MEDIUM
CVSS:4.3(Medium)

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vuln...

CWE-6442024

CVE-2025-24339

MEDIUM
CVSS:5.0(Medium)

A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-t...

CWE-6442025

CVE-2023-47143

CRITICAL
CVSS:9.8(Critical)

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an att...

CWE-6442023

CVE-2024-39736

CRITICAL
CVSS:9.8(Critical)

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct ...

CWE-6442024

CVE-2017-6031

HIGH
CVSS:8.8(High)

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may all...

CWE-6442017

CVE-2020-6982

HIGH
CVSS:8.8(High)

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.

CWE-6442020