216.73.217.50

CVE-2023-26289

· Published 30/07/2024 17:15 · Modified 30/07/2024 17:15

Labels: CVE-2023-26289 2024-07-30CVE-2023-26289CWE-644[email protected]

Essential information

Published
30/07/2024 17:15
Modified
30/07/2024 17:15
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References