CVE-2023-47143

10.0 CRITICAL

📋 TL;DR

IBM Tivoli Application Dependency Discovery Manager versions 7.3.0.0 through 7.3.0.10 are vulnerable to HTTP header injection due to improper validation of HOST headers. This allows attackers to inject malicious HTTP headers, potentially leading to cross-site scripting, cache poisoning, or session hijacking attacks. Organizations running affected versions of this IBM application discovery and dependency management software are at risk.

💻 Affected Systems

Products:
  • IBM Tivoli Application Dependency Discovery Manager
Versions: 7.3.0.0 through 7.3.0.10
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through session hijacking leading to administrative access, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Session hijacking leading to unauthorized access to sensitive application data and configuration information.

🟢 If Mitigated: Limited impact with proper network segmentation, WAF filtering, and monitoring in place.

🌐 Internet-Facing: HIGH - HTTP header injection can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

HTTP header injection typically requires minimal technical skill to exploit once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.3.0.11 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7105139

Restart Required: Yes

Instructions:

1. Download IBM Tivoli Application Dependency Discovery Manager 7.3.0.11 or later from IBM Fix Central.
2. Back up the current installation and data.
3. Apply the update following IBM's installation guide.
4. Restart the application services.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Filtering

Configure WAF rules to filter and validate HOST headers, blocking malicious header injection attempts.

Network Segmentation

Restrict network access to TADDM instances to only authorized management networks and users.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted sources only
  • Deploy a web application firewall with specific rules to detect and block HTTP header injection attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version via the TADDM web interface or configuration files. If the version is between 7.3.0.0 and 7.3.0.10 inclusive, the system is vulnerable.

Check Version:

Check the TADDM installation directory for version information or use the web interface's about/version page.

Verify Fix Applied:

Verify the version is 7.3.0.11 or later and test that malicious HOST headers are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HOST header patterns in web server logs
  • Multiple failed authentication attempts following header manipulation

Network Indicators:

  • HTTP requests with malformed or unusually long HOST headers
  • Unexpected redirects or cache manipulation

SIEM Query:

source="taddm_web_logs" AND (HOST HEADER CONTAINS "\r\n" OR HOST HEADER LENGTH > 1000)
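The following is an added Python example, not code from IBM or from this advisory, showing the two log indicators above (CR/LF in the HOST header, HOST length over 1000) together with an allowlist check of the kind a fixed front end should enforce, run over constructed log lines. The allowlisted hostnames, the log line layout and the escaping of control characters are assumptions.

```python
import re

# Hostnames this TADDM front end should answer for (hypothetical; substitute your own).
ALLOWED_HOSTS = {"taddm.example.internal", "10.0.0.5"}
MAX_HOST_LEN = 1000  # same length threshold as the advisory's SIEM query
# Only host[:port] built from hostname/IPv4 characters belongs in a Host header.
HOST_RE = re.compile(r"^([A-Za-z0-9.-]+)(?::\d{1,5})?$")


def host_header_findings(value):
    """Return the reasons a Host value should be rejected; an empty list means accept."""
    findings = []
    if "\r" in value or "\n" in value:
        findings.append("crlf")  # CR/LF lets a client terminate the header and add its own
    if len(value) > MAX_HOST_LEN:
        findings.append("overlong")
    m = HOST_RE.match(value)
    if m is None:
        if not findings:
            findings.append("malformed")
    elif m.group(1).lower() not in ALLOWED_HOSTS:
        findings.append("not-allowlisted")  # foreign host: cache/redirect poisoning risk
    return findings


# Constructed access-log lines (not real TADDM output): client "Host header" status.
# Control characters appear escaped, as most web servers log them.
SAMPLE_LOG = """\
10.0.0.9 "taddm.example.internal" 200
203.0.113.7 "taddm.example.internal\\r\\nX-Injected: 1" 302
203.0.113.7 "evil.example" 200
10.0.0.9 "taddm.example.internal:9430" 200
203.0.113.8 "%s" 400
""" % ("a" * 1200)
LINE_RE = re.compile(r'^(\S+) "(.*)" (\d{3})$')


def triage_log(text):
    """Return (client, findings) for every log line whose Host header looks suspicious."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        host = m.group(2).replace("\\r", "\r").replace("\\n", "\n")  # undo log escaping
        findings = host_header_findings(host)
        if findings:
            hits.append((m.group(1), findings))
    return hits
```

The same `host_header_findings` check, applied to the live HOST header before a request is processed, is what the "Verify Fix Applied" step above expects a patched instance to do.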
