CVE-2023-43052

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

IBM Control Center 6.2.1 a 6.3.1 es vulnerable a un ataque de interacción con servicios externos, provocado por una validación incorrecta de la entrada proporcionada por el usuario. Un atacante remoto podría aprovechar esta vulnerabilidad para inducir a la aplicación a realizar búsquedas de DNS del lado del servidor o solicitudes HTTP a nombres de dominio arbitrarios. Al enviar payloads adecuados, un atacante puede hacer que el servidor de aplicaciones ataque otros sistemas con los que puede interactuar.