The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-24T00:00:00
Updated: 2024-08-02T16:37:41.269Z
Reserved: 2023-06-21T00:00:00
Link: CVE-2023-36085
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-25T18:17:28.223
Modified: 2024-11-21T08:09:15.903
Link: CVE-2023-36085
Redhat
No data.