Vulnerability Description
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sisqualwfm | Sisqualwfm | >= 7.1.319.103, < 7.1.319.111 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-
- https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-HeaderExploitThird Party Advisory
- http://packetstormsecurity.com/files/176991/SISQUAL-WFM-7.1.319.103-Host-Header-
- https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-HeaderExploitThird Party Advisory
FAQ
What is CVE-2023-36085?
CVE-2023-36085 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can ch...
How severe is CVE-2023-36085?
CVE-2023-36085 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-36085?
Check the references section above for vendor advisories and patch information. Affected products include: Sisqualwfm Sisqualwfm.