CRITICAL🇵🇱 Wersja polska

CVE-2023-47143

CVSS 10.0v3.1pub. 2024-02-02upd. 2024-11-21

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.

🤖 AI Analysis
How it works

The application improperly validates input data contained in the HTTP HOST header sent by the client. An attacker can inject malicious data into the header, thereby manipulating server responses. This mechanism enables attacks such as XSS (cross-site scripting), cache poisoning, or session hijacking (user session takeover). The attack does not require authentication or interaction from the victim.

Impact

An attacker can hijack user sessions (session hijacking), inject malicious scripts (XSS) executed in the context of the victim's browser, or poison the cache (cache poisoning), which can lead to compromise of confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references — patch details available at: https://www.ibm.com/support/pages/node/7105139

Who is affected

IBM Tivoli Application Dependency Discovery Manager in versions 7.3.0.0 to 7.3.0.10 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • IBM Tivoli Application Dependency Discovery Manager

    APP
    Ibm
    7.3.0.0 – 7.3.0.11 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-47142HIGH7.5ten sam produkt

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the or...

CVE-2013-3017HIGH7.5ten sam produkt

IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easi...

CVE-2013-3023HIGH8.1ten sam produkt

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote...

CVE-2013-2974HIGH7.5ten sam produkt

The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows r...

CVE-2013-4002HIGH7.1ten sam produkt

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in ...