Overview
- Description
- The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-601
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sisqualwfm:sisqualwfm:*:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "2E2D8E46-F675-48EC-99D0-2F4A30BB9C32",
"versionEndExcluding": "7.1.319.111",
"versionStartIncluding": "7.1.319.103"
}
],
"operator": "OR"
}
]
}
]