CVE-2023-26289

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 30, 2024
Updated: Aug 13, 2024
CWE ID 644
CWE ID 116

Summary

CVE-2023-26289 is a newly identified vulnerability affecting IBM Aspera Orchestrator version 4.0.1. The issue stems from insufficient validation of HOST headers, leading to HTTP header injection. An attacker can exploit this vulnerability to execute various malicious activities, such as cross-site scripting, cache poisoning, or session hijacking. IBM X-Force has assigned the ID 248478 to this security concern.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share