Lucene search

[email protected]CVE-2023-36085

HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-36085

2023-10-2518:17:28

CWE-601

[email protected]

web.nvd.nist.gov

sisqualwfm

android

host header injection

vulnerability

phishing attacks

malware distribution

unauthorized access

nvd

cve-2023-36085

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its “/sisqualIdentityServer/core/” endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

Affected configurations

NVD

Node

sisqualwfmsisqualwfmRange7.1.319.103–7.1.319.111android

CPENameOperatorVersion
sisqualwfm:sisqualwfmsisqualwfmlt7.1.319.111

CPE	Name	Operator	Version
sisqualwfm:sisqualwfm	sisqualwfm	lt	7.1.319.111

References

packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-Injection.html

github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-36085

cvelist1 zdt2 prion1 exploitdb1 nvd1 packetstorm1