IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.
The application improperly validates input data contained in the HTTP HOST header sent by the client. An attacker can inject malicious data into the header, thereby manipulating server responses. This mechanism enables attacks such as XSS (cross-site scripting), cache poisoning, or session hijacking (user session takeover). The attack does not require authentication or interaction from the victim.
An attacker can hijack user sessions (session hijacking), inject malicious scripts (XSS) executed in the context of the victim's browser, or poison the cache (cache poisoning), which can lead to compromise of confidentiality, integrity, and availability of the system.
Patches available from the manufacturer should be applied according to the references — patch details available at: https://www.ibm.com/support/pages/node/7105139
IBM Tivoli Application Dependency Discovery Manager in versions 7.3.0.0 to 7.3.0.10 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HIBM Tivoli Application Dependency Discovery Manager
APPIbm7.3.0.0 – 7.3.0.11 (bez)
Related vulnerabilities
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the or...
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easi...
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote...
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows r...
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in ...