Vulnerabilities > CVE-2023-43052

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

CWE-435

NVD

Published: 2025-03-07

Updated: 2025-03-07

Summary

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

Common Weakness Enumeration (CWE)

CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

References

https://www.ibm.com/support/pages/node/7185102

Vulnerabilities > CVE-2023-43052 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-43052"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2023-43052