PT-2023-13546 · Unknown · Dast Analyzer

Philip Cunningham

Publicado

2023-03-09

Atualizado

2025-02-28

CVE-2022-3767

CVSS v3.1

7.7

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions DAST analyzer versions 1.11.0 through 3.0.32

Description The issue is related to missing validation in the DAST analyzer, which allows custom request headers to be sent with every request, regardless of the host. This affects all versions from 1.11.0 prior to 3.0.32.

Recommendations For versions 1.11.0 through 3.0.32, update to a version 3.0.32 or later to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2022-3767

Produtos afetados

Dast Analyzer

PT-2023-13546 · Unknown · Dast Analyzer

CVE-2022-3767

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11