CVE-2023-26788
Published Apr 10, 2023
Last updated 2 years ago
Overview
- Description
- Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:4.1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1616D977-27C1-4AC7-B9DD-CA88EEDC3620"
}
],
"operator": "OR"
}
]
}
]