PT-2020-13300 · Seczetta · Seczetta Neprofile
Published
2020-08-26
·
Updated
2020-09-01
·
CVE-2020-12855
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SecZetta NEProfile version 3.3.11
Description
A Host header injection issue has been found, allowing authenticated remote adversaries to manipulate the Host header, which can result in controlling the execution flow for the 302 HTTP status.
Recommendations
For SecZetta NEProfile version 3.3.11, consider restricting access to authenticated remote connections to minimize the risk of exploitation until a patch is available.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seczetta Neprofile