CVE-2023-24975: Input Validation
First published: Thu Feb 23 2023(Updated: )
IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Symphony | =7.3.0 | |
| IBM Spectrum Symphony | <=7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for IBM Spectrum Symphony?
The vulnerability ID for IBM Spectrum Symphony is CVE-2023-24975.
What is the severity rating of CVE-2023-24975?
The severity rating of CVE-2023-24975 is medium with a CVSS score of 6.1.
What is the cause of the vulnerability in IBM Spectrum Symphony?
The vulnerability in IBM Spectrum Symphony is caused by improper validation of input by the HOST headers, leading to HTTP header injection.
What are the potential attacks that can be conducted using CVE-2023-24975?
An attacker can conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, and session hijacking.
How can I fix the vulnerability in IBM Spectrum Symphony?
To fix the vulnerability in IBM Spectrum Symphony, it is recommended to apply the latest security updates or patches provided by IBM.
- collector/nvd-index
- collector/ibm-support
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- vendor/ibm
- canonical/ibm spectrum symphony
- version/ibm spectrum symphony/7.3.0
- version/ibm spectrum symphony/7.3