CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.3:*:*:*:*:*:*:*

History

15 Feb 2024, 04:41

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*
CWE CWE-307
First Time Ibm
Ibm engineering Lifecycle Optimization
Summary
  • (es) IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los encabezados HOST. Esto podría permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de caché o secuestro de sesión. ID de IBM X-Force: 268754.
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7116045 - () https://www.ibm.com/support/pages/node/7116045 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 5.1
v2 : unknown
v3 : 6.1

09 Feb 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-09 01:15

Updated : 2024-02-15 04:41


NVD link : CVE-2023-45190

Mitre link : CVE-2023-45190

CVE.ORG link : CVE-2023-45190


JSON object : View

Products Affected

ibm

  • engineering_lifecycle_optimization
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts