PT-2023-13546 · Unknown · Dast Analyzer
Philip Cunningham
·
Published
2023-03-09
·
Updated
2025-02-28
·
CVE-2022-3767
CVSS v3.1
7.7
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DAST analyzer versions 1.11.0 through 3.0.32
Description
The issue is related to missing validation in the DAST analyzer, which allows custom request headers to be sent with every request, regardless of the host. This affects all versions from 1.11.0 prior to 3.0.32.
Recommendations
For versions 1.11.0 through 3.0.32, update to a version 3.0.32 or later to resolve the issue.
At the moment, there is no information about other specific fixes for this vulnerability.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dast Analyzer