Lucene search
K

169 matches found

NVD
NVD
added 2024/01/19 2:15 a.m.30 views

CVE-2023-50963

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.5CVSS6.3AI score0.0033EPSS
Exploits0References2
Prion
Prion
added 2024/01/19 2:15 a.m.14 views

Cross site scripting

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

5.8CVSS6.5AI score0.0033EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/19 1:30 a.m.2 views

CVE-2023-50963 IBM Storage Defender HTTP HOST header injection

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/19 1:30 a.m.33 views

CVE-2023-50963 IBM Storage Defender HTTP HOST header injection

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.5CVSS6.3AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2024/01/19 1:30 a.m.31 views

CVE-2023-50963

IBM Storage Defender – Data Protect versions 1.0.0–1.4.1 are vulnerable to HTTP header injection due to improper validation of HOST headers, enabling attacks such as cross-site scripting, cache poisoning, or session hijacking as described in IBM X-Force/Red Hat advisories. Remediation: IBM recomm...

6.5CVSS5.3AI score0.0033EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.5 views

IBM Storage Defender Input Validation Error Vulnerability

IBM Storage Defender is a solution from International Business Machines IBM that provides end-to-end data resiliency. An input validation error vulnerability exists in IBM Storage Defender - Data Protect versions 1.0.0 through 1.4.1, which stems from vulnerability to HTTP header injection attacks...

6.5CVSS7AI score0.0033EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.4 views

PT-2024-14033 · Ibm · Ibm Storage Defender - Data Protect

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Data Protect versions 1.0.0 through 1.4.1 Description: The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to conduct various attacks...

6.5CVSS5.7AI score0.0033EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/31 4:13 p.m.43 views

Security Bulletin: Vulnerabilities in Node.js, OpenSSL, trim, and Chalk ansi-regex module might affect IBM Storage Defender – Data Protect

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in runtime errors, denial of service attacks, remote code execution, remote access authentication bypass, and the ability to obtain sensitive information. The vulnerabilities have been addressed. Vulnerability Details...

7.8CVSS8.5AI score0.16195EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/30 5:27 p.m.70 views

Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in runtime errors, denial of service attacks, remote code execution, or remote access authentication bypass. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2018-17142 DESCRIPTION: Golang Go is...

9.3CVSS10AI score0.2241EPSS
Exploits21Affected Software1
Rows per page
Query Builder