CVE-2023-43052

MEDIUM

IBM Control Center 6.2.1-6.3.1 - SSRF

Title source: llm

Description

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7185102

Scores

CVSS v3 5.3

EPSS 0.0023

EPSS Percentile 46.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-435

Status published

Products (2)

ibm/control_center 6.2.1.0

ibm/control_center 6.3.1.0

Published Mar 07, 2025

Tracked Since Feb 18, 2026