PT-2022-11787 · Compass Plus · Compass Plus Tranzware Online Fimi Web Interface Fimi

Published

2022-02-14

·

Updated

2022-02-23

·

CVE-2021-43106

CVSS v3.1

6.1

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Compass Plus TranzWare Online FIMI Web Interface, Tranzware Online (TWO) version 5.3.33.3 F38

Compass Plus TranzWare Online FIMI Web Interface, FIMI version 4.2.19.4 25

Description

A Host header injection issue exists: the server trusts the HTTP Host header without proper validation or escaping, so a manipulated Host value can cause the application to behave unexpectedly. An attacker can use this to redirect users to a malicious domain or webpage, potentially leading to further attacks.

Recommendations

For version 5.3.33.3 F38, implement proper validation and escaping of the Host header to prevent manipulation. For version 4.2.19.4 25, restrict access to the HTTP Host header or disable it until a patch is available. As a temporary workaround, restrict the Host header in the HTTP request to minimize the risk of exploitation.
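The "proper validation" the recommendation asks for is a strict allowlist of the hostnames the deployment is actually served under, applied before any component builds redirects or absolute links from the Host header. The following is an added illustration, not Compass Plus code: the allowlist entries, the hostnames and the middleware name are constructed for the example.

```python
"""Host header allowlist check for a web application (added example, not vendor code)."""
from urllib.parse import urlsplit

# Constructed allowlist: the hostnames this deployment is really reachable under.
ALLOWED_HOSTS = {"banking.example.test", "fimi.example.test"}


def normalize_host(raw):
    """Return (hostname, port) for a Host header value, or None if it is malformed."""
    if raw is None:
        return None
    raw = raw.strip()
    # Control characters or embedded whitespace never belong in a Host value.
    if not raw or any(ord(c) < 33 or ord(c) == 127 for c in raw):
        return None
    try:
        # Parse as an RFC 3986 authority; handles ports and bracketed IPv6 literals.
        parts = urlsplit("//" + raw)
        hostname, port = parts.hostname, parts.port  # .port raises on junk like ":abc"
    except ValueError:
        return None
    # Anything beyond a bare authority (userinfo, path, query, fragment) is an
    # attempt to smuggle a different name past a naive string comparison.
    if not hostname or parts.username or parts.password:
        return None
    if parts.path or parts.query or parts.fragment:
        return None
    return hostname.rstrip(".").lower(), port


def host_is_allowed(raw, allowed=ALLOWED_HOSTS):
    """True only when the normalized hostname is exactly one of the allowed names."""
    parsed = normalize_host(raw)
    if parsed is None:
        return False
    hostname, _port = parsed
    return hostname in allowed


def host_guard(app):
    """WSGI middleware (constructed name) that rejects requests with a bad Host header."""
    def wrapped(environ, start_response):
        if not host_is_allowed(environ.get("HTTP_HOST")):
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"Invalid Host header\n"]
        return app(environ, start_response)
    return wrapped
```

Rejecting the request outright (rather than falling back to a default host) also gives the SOC a clean 400 signal to alert on when a probe arrives with an unexpected Host value.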

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2021-43106

Affected Products

Compass Plus Tranzware Online Fimi Web Interface Fimi