Summary

IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities.

Vulnerability Details

**CVEID:** CVE-2015-5739
**DESCRIPTION:** Go is vulnerable to HTTP request smuggling, caused by a flaw in the net/http library in net/textproto/reader.go. By sending a specially-crafted HTTP request with a space instead of a hyphen, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2016-5386
**DESCRIPTION:** The Google Go net/http package could allow a remote attacker to redirect the HTTP traffic of a CGI application, caused by the failure to protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in an HTTP request, an attacker could exploit this vulnerability to redirect outbound HTTP traffic to an arbitrary proxy server. This is also known as the "HTTPOXY" vulnerability.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/115089 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2023-45287
**DESCRIPTION:** Golang Go could allow a remote attacker to obtain sensitive…
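The first two entries both describe input-validation gaps at an HTTP boundary: a header parser that tolerated a field name with a space where a hyphen belongs, and a CGI layer that let a client-supplied Proxy header become the HTTP_PROXY environment variable. The Go program below is an added example written for this page, not code from IBM or from the Go project, that shows the two defensive checks a front end or CGI host would apply: reject header field names that are not RFC 7230 tokens instead of normalizing them, and never derive HTTP_PROXY from request headers when building the CGI environment. The sample request, the host names in it, and all function names are constructed for the example; the CGI mitigation shown (dropping the Proxy header before the HTTP_* mapping) is one reasonable host-side approach, not a description of the upstream patch.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample request (not captured traffic). It carries a header
// whose name contains a space, the shape described for CVE-2015-5739, and
// a client-supplied Proxy header, the shape described for httpoxy.
const sampleRequest = "POST /upload HTTP/1.1\r\n" +
	"Host: example.test\r\n" +
	"Content Length: 5\r\n" +
	"Proxy: proxy.example.test:8080\r\n" +
	"\r\n"

// ErrBadHeaderName marks a field name that is not an RFC 7230 token.
var ErrBadHeaderName = errors.New("header field name is not a valid token")

// isTokenChar reports whether c may appear in an HTTP field name (tchar).
func isTokenChar(c byte) bool {
	switch {
	case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", c) >= 0
}

// checkHeaderLine validates one raw "Name: value" line and returns the name.
// A name containing a space is rejected outright rather than silently
// normalized, so two parsers in the request path cannot disagree about
// whether the line was a Content-Length.
func checkHeaderLine(line string) (string, error) {
	i := strings.IndexByte(line, ':')
	if i <= 0 {
		return "", fmt.Errorf("%w: %q", ErrBadHeaderName, line)
	}
	name := line[:i]
	for j := 0; j < len(name); j++ {
		if !isTokenChar(name[j]) {
			return "", fmt.Errorf("%w: %q", ErrBadHeaderName, name)
		}
	}
	return name, nil
}

// parseHeaders splits the header block of a raw request into the headers
// that passed validation and the raw lines that were rejected. The caller
// should refuse the whole request when the second slice is non-empty.
func parseHeaders(raw string) (http.Header, []string) {
	h := http.Header{}
	var rejected []string
	lines := strings.Split(raw, "\r\n")
	for _, line := range lines[1:] { // lines[0] is the request line
		if line == "" {
			break // blank line ends the header block
		}
		name, err := checkHeaderLine(line)
		if err != nil {
			rejected = append(rejected, line)
			continue
		}
		h.Add(name, strings.TrimSpace(line[len(name)+1:]))
	}
	return h, rejected
}

// cgiEnvFromHeaders builds the HTTP_* part of a CGI environment. The classic
// mapping would turn "Proxy: x" into HTTP_PROXY=x, which HTTP client
// libraries then honour as an outbound proxy setting (httpoxy). Dropping
// the Proxy header before the mapping keeps that variable out of the
// client's control.
func cgiEnvFromHeaders(h http.Header) map[string]string {
	env := map[string]string{}
	for name, values := range h {
		if strings.EqualFold(name, "Proxy") {
			continue
		}
		key := "HTTP_" + strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
		env[key] = strings.Join(values, ", ")
	}
	return env
}

func main() {
	headers, rejected := parseHeaders(sampleRequest)
	for _, line := range rejected {
		fmt.Printf("rejected header line: %q\n", line)
	}
	env := cgiEnvFromHeaders(headers)
	_, proxySet := env["HTTP_PROXY"]
	fmt.Printf("HTTP_PROXY present in CGI env: %v\n", proxySet)
	fmt.Printf("HTTP_HOST=%s\n", env["HTTP_HOST"])
}
```

Run as-is, the program reports the "Content Length: 5" line as rejected and shows that the Proxy header never reaches the CGI environment as HTTP_PROXY. In a real deployment the rejection would turn into a 400 response at the edge, and the CGI host would apply the same header filtering before executing the child process.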
