CVE-2023-36085: The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By ...

Description

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.51%

39.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-601

Affected Software

Vendor	Product	Versions
Sisqualwfm	Sisqualwfm	>= 7.1.319.103, < 7.1.319.111

References

Timeline

Published: Oct 25, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-36085?

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.

How severe is CVE-2023-36085?

CVE-2023-36085 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.51% probability of exploitation in the next 30 days.

How do I fix CVE-2023-36085?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.