CVE-2023-35894

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/03/2025
Last modified:
13/03/2025

Description

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:sterling_control_center:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_control_center:6.3.1:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools