CVE-2022-34165

CWE-74CWE-20Improper Input Validation3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 45.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Websphere Application ServerIBM Websphere Application Server Liberty
Timeline
PublishedSep 9
Latest updateSep 10

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

CVEListV5ibm/websphere_application_server_liberty17.0.0.3, 22.0.0.9+1
NVDibm/websphere_application_server17.0.0.322.0.0.9+4
CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-76w3-wr72-rh8j: IBM WebSphere Application Server 72022-09-10
CVEList
CVE-2022-34165: IBM WebSphere Application Server 72022-09-09
CVE-2022-34165 (MEDIUM CVSS 5.4) | IBM WebSphere Application Server 7. | cvebase.io