ByteOS Network

CVE Vulnerability Details :

CVE-2023-50963

PUBLISHED

More Info Official Page

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-19 Jan, 2024 | 01:30

Updated At-17 Jun, 2025 | 21:19

▼CVE Numbering Authority (CNA)

IBM Storage Defender HTTP HOST header injection

IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.

Affected Products

Vendor

IBM Corporation

Product

Storage Defender - Data Protect

Default Status

unaffected

Versions

Affected

From 1.0.0 through 1.4.1 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-601	CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

Hyperlink	Resource
https://www.ibm.com/support/pages/node/7106918	vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/276101	vdb-entry

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.ibm.com/support/pages/node/7106918	vendor-advisory x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/276101	vdb-entry x_transferred

2. CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References