CVE-2023-47143— IBM Tivoli Application Dependency Discovery Manager HOST header injection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-47143
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IBM Tivoli Application Dependency Discovery Manager HOST header injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对HTTP头部进行脚本语法转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
IBM Tivoli Application Dependency Discovery Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
IBM Tivoli Application Dependency Discovery Manager(TADDM)是美国国际商业机器(IBM)公司的一套IT服务管理解决方案中的产品。该产品提供了健全的自动化应用程序映射和发现,帮助管理员了解业务应用程序的结构、状态、配置和变更历史记录。 IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 版本到 7.3.0.10 版本存在安全漏洞,该漏洞源于 HOST 标头对输入的验证不正确。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| IBM | Tivoli Application Dependency Discovery Manager | 7.3.0.0 ~ 7.3.0.10 | - |
II. Public POCs for CVE-2023-47143
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-47143
请登录查看更多情报信息。
- https://www.ibm.com/support/pages/node/7105139vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-47143
Same Patch Batch · IBM · 2024-02-02 · 25 CVEs total
| CVE-2024-22320 | 9.8 CRITICAL | IBM Operational Decision Manager code execution |
| CVE-2024-22319 | 8.1 HIGH | IBM Operational Decision Manager JDNI injection |
| CVE-2023-38019 | 8.1 HIGH | IBM SOAR QRadar Plugin App directory traversal |
| CVE-2023-47142 | 7.5 HIGH | IBM Tivoli Application Dependency Discovery Manager privilege escalation |
| CVE-2023-50326 | 7.5 HIGH | IBM PowerSC information Disclosure |
| CVE-2023-38273 | 7.5 HIGH | IBM Cloud Pak System information disclosure |
| CVE-2023-50938 | 6.5 MEDIUM | IBM PowerSC clickjacking |
| CVE-2023-50935 | 6.5 MEDIUM | IBM PowerSC forced browsing |
| CVE-2023-32333 | 6.5 MEDIUM | IBM Maximo Asset Management improper access control |
| CVE-2023-38263 | 6.5 MEDIUM | IBM SOAR QRadar Plugin App improper access controls |
| CVE-2023-50941 | 6.3 MEDIUM | IBM PowerSC session fixation |
| CVE-2023-50936 | 6.3 MEDIUM | IBM PowerSC session fixation |
| CVE-2023-47144 | 6.1 MEDIUM | IBM Tivoli Application Dependency Discovery Manager cross-site scripting |
| CVE-2023-50933 | 6.1 MEDIUM | IBM PowerSC HTML injection |
| CVE-2023-50962 | 5.9 MEDIUM | IBM PowerSC information disclosure |
| CVE-2023-50937 | 5.9 MEDIUM | IBM PowerSC information disclosure |
| CVE-2023-47148 | 5.3 MEDIUM | IBM Storage Protect Plus Server information disclosure |
| CVE-2023-50934 | 5.3 MEDIUM | IBM PowerSC improper authentication |
| CVE-2023-50940 | 5.3 MEDIUM | IBM PowerSC cross-resource origin sharing |
| CVE-2023-50327 | 5.3 MEDIUM | IBM PowerSC weak security |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Tivoli Application Dependency Discovery Manager
- CVE-2025-23227
IBM Tivoli Application Dependency Discovery Manager cross-si - CVE-2023-47142
IBM Tivoli Application Dependency Discovery Manager privileg - CVE-2023-47144
IBM Tivoli Application Dependency Discovery Manager cross-si - CVE-2018-1675
IBM Tivoli Application Dependency Discovery Manager 信息泄露漏洞 - CVE-2018-1455
IBM Tivoli Application Dependency Discovery Manager 跨站请求伪造漏洞
Same vendor: IBM
- CVE-2026-1577
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-36122
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-14688
IBM® Db2® is vulnerable to a denial of service when fetching - CVE-2026-2311
IBM i is affected by a privilege escalation vulnerability in - CVE-2025-36180
Inadequate Pod Communication Restrictions, affects watsonx.d
Same weakness: CWE-644
- CVE-2026-33805
@fastify/reply-from vulnerable to connection header abuse en - CVE-2025-66485
Multiple vulnerabilities have been addressed in IBM Aspera S - CVE-2026-33149
Tandoor Recipes Vulnerable to Host Header Injection - CVE-2025-14807
IBM InfoSphere Information Server is vulnerable to HTTP head - CVE-2025-13213
Multiple vulnerabilities in IBM Aspera Orchestrator
V. Comments for CVE-2023-47143
No comments yet