Lucene search

PRIOn knowledge basePRION:CVE-2023-47143

HistoryFeb 02, 2024 - 1:15 p.m.

Cross site scripting

2024-02-0213:15:00

PRIOn knowledge base

www.prio-n.com

ibm

tivoli

application dependency discovery manager

http header injection

cross-site scripting

cache poisoning

session hijacking

x-force id

nvd

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.0%

JSON

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.

CPENameOperatorVersion
tivoli_application_dependency_discovery_managerge7.3.0.0
tivoli_application_dependency_discovery_managerlt7.3.0.11

CPE	Name	Operator	Version
	tivoli_application_dependency_discovery_manager	ge	7.3.0.0
	tivoli_application_dependency_discovery_manager	lt	7.3.0.11

References

exchange.xforce.ibmcloud.com/vulnerabilities/270270

www.ibm.com/support/pages/node/7105139