CVE-2023-26788
moderate-risk
Published 2023-04-10
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. The HTTP Host header can be manipulated, causing the application to behave in unexpected ways. Any change made to the header would cause the request to be sent to a completely different domain/IP address.
Do I need to act?
0.58% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.1/10 · Medium
NETWORK / LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Vendor Advisory
https://github.com/IthacaLabs/Veritas-Technologies
30 / 100
moderate-risk
Severity
23/34 · High
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal