CVE-2023-47143

CRITICAL

IBM Tivoli Application Dependency Discovery Manager < 7.3.0.11 - XSS

Title source: rule

Description

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.

References (2)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7105139

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/270270

Scores

CVSS v3 10.0

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-644 CWE-116

Status published

Products (1)

ibm/tivoli_application_dependency_discovery_manager 7.3.0.0 - 7.3.0.11

Published Feb 02, 2024

Tracked Since Feb 18, 2026