MEDIUM🇵🇱 Wersja polska

CVE-2023-45190

CVSS 5.1v3.1pub. 2024-02-09upd. 2025-06-03

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • IBM Engineering Lifecycle Optimization

    APP
    Ibm
    7.0.27.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-45191HIGH7.5ten sam produkt

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could a...

CVE-2021-29844HIGH8.8ten sam produkt

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authentic...

CVE-2021-29774HIGH7.5ten sam produkt

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain co...

CVE-2024-52890MEDIUM6.1ten sam produkt

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scriptin...

CVE-2023-45187MEDIUM6.3ten sam produkt

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout w...