Vulnerability Description
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Storage Defender Data Protect | >= 1.0.0, <= 1.4.1 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/276101VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/7106918Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/276101VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/7106918Vendor Advisory
FAQ
What is CVE-2023-50963?
CVE-2023-50963 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct var...
How severe is CVE-2023-50963?
CVE-2023-50963 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50963?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Storage Defender Data Protect.