CVE-2023-36085

{"id": "CVE-2023-36085", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-10-25T18:17:28.223", "references": [{"url": "http://packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-Injection.html", "source": "cve@mitre.org"}, {"url": "https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its \"/sisqualIdentityServer/core/\" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources."}, {"lang": "es", "value": "SisqualWFM 7.1.319.103 a 7.1.319.111 para Android tiene una vulnerabilidad de inyecci\u00f3n de encabezado de host en su endpoint \"/sisqualIdentityServer/core/\". Al modificar el encabezado del host HTTP, un atacante puede cambiar los enlaces de las p\u00e1ginas web e incluso redirigir a los usuarios a ubicaciones arbitrarias o maliciosas. Esto puede provocar ataques de phishing, distribuci\u00f3n de malware y acceso no autorizado a recursos confidenciales."}], "lastModified": "2024-02-05T17:15:08.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sisqualwfm:sisqualwfm:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "2E2D8E46-F675-48EC-99D0-2F4A30BB9C32", "versionEndExcluding": "7.1.319.111", "versionStartIncluding": "7.1.319.103"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}