CVE-2023-45190: IBM Engineering Lifecycle Optimization HTTP header injection
First published: Wed Feb 07 2024(Updated: )
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Pub | <=7.0.3 | |
| IBM Pub | <=7.0.2 | |
| IBM Engineering Lifecycle Optimization | =7.0.2 | |
| IBM Engineering Lifecycle Optimization | =7.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/type
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm pub
- version/ibm pub/7.0.3
- version/ibm pub/7.0.2
- canonical/ibm engineering lifecycle optimization
- version/ibm engineering lifecycle optimization/7.0.2
- version/ibm engineering lifecycle optimization/7.0.3