CVE-2023-43052

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7185102	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:control_center:6.2.1.0:::::::*
	cpe:2.3:a:ibm:control_center:6.3.1.0:::::::*

History

19 Jun 2025, 00:11

Type	Values Removed	Values Added
First Time		Ibm control Center Ibm
References	~~() https://www.ibm.com/support/pages/node/7185102 -~~	() https://www.ibm.com/support/pages/node/7185102 - Vendor Advisory
CPE		cpe:2.3:a:ibm:control_center:6.2.1.0:::::::* cpe:2.3:a:ibm:control_center:6.3.1.0:::::::*
Summary		(es) IBM Control Center 6.2.1 a 6.3.1 es vulnerable a un ataque de interacción con servicios externos, provocado por una validación incorrecta de la entrada proporcionada por el usuario. Un atacante remoto podría aprovechar esta vulnerabilidad para inducir a la aplicación a realizar búsquedas de DNS del lado del servidor o solicitudes HTTP a nombres de dominio arbitrarios. Al enviar payloads adecuados, un atacante puede hacer que el servidor de aplicaciones ataque otros sistemas con los que puede interactuar.

07 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-07 17:15

Updated : 2025-06-19 00:11

NVD link : CVE-2023-43052

Mitre link : CVE-2023-43052

CVE.ORG link : CVE-2023-43052

JSON object : View

Products Affected

ibm

control_center

CWE

CWE-435

Improper Interaction Between Multiple Correctly-Behaving Entities

{"id": "CVE-2023-43052", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-03-07T17:15:18.060", "references": [{"url": "https://www.ibm.com/support/pages/node/7185102", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-435"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-435"}]}], "descriptions": [{"lang": "en", "value": "IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with."}, {"lang": "es", "value": "IBM Control Center 6.2.1 a 6.3.1 es vulnerable a un ataque de interacci\u00f3n con servicios externos, provocado por una validaci\u00f3n incorrecta de la entrada proporcionada por el usuario. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para inducir a la aplicaci\u00f3n a realizar b\u00fasquedas de DNS del lado del servidor o solicitudes HTTP a nombres de dominio arbitrarios. Al enviar payloads adecuados, un atacante puede hacer que el servidor de aplicaciones ataque otros sistemas con los que puede interactuar."}], "lastModified": "2025-06-19T00:11:36.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86853A4E-905D-46A9-BF43-6D6117AA2442"}, {"criteria": "cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C510A28-7CFF-414B-A740-13A71CB97271"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}