CVE-2023-50963

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/276101 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7106918 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:storage_defender_data_protect:*:*:*:*:*:*:*:*
History

24 Jan 2024, 21:22

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/276101 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/276101 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/7106918 - () https://www.ibm.com/support/pages/node/7106918 - Vendor Advisory
CPE cpe:2.3:a:ibm:storage_defender_data_protect:*:*:*:*:*:*:*:*
First Time Ibm storage Defender Data Protect
Ibm
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 5.4

19 Jan 2024, 15:56

Type Values Removed Values Added
Summary
  • (es) IBM Storage Defender - Data Protect 1.0.0 a 1.4.1 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los encabezados HOST. Esto podría permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de caché o secuestro de sesión. ID de IBM X-Force: 276101.

19 Jan 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-19 02:15

Updated : 2024-01-24 21:22

NVD link : CVE-2023-50963

Mitre link : CVE-2023-50963

CVE.ORG link : CVE-2023-50963

JSON object : View

Products Affected

ibm

  • storage_defender_data_protect
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')