CVE-2023-43052

Name of the Vulnerable Software and Affected Versions IBM Control Center versions 6.2.1 through 6.3.1

Description The issue is caused by improper validation of user-supplied input, allowing an external service interaction attack. A remote attacker could exploit this to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.

Recommendations For IBM Control Center versions 6.2.1 through 6.3.1, consider restricting the application's ability to perform server-side DNS lookups or HTTP requests to arbitrary domain names as a temporary workaround until a patch is available. Restrict access to external services to minimize the risk of exploitation.