CVE-2022-38114
Published 2022-11-23
CVE-2022-38114: This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
Priority: P4 | 26 | medium | 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.51% (39.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | security_event_manager | < 2022.4 | 2022.4 |
| solarwinds | solarwinds_sem | >= 2022.2 and previous versions < 2022.4 | 2022.4 |
VulDB
SolarWinds SEM up to 2022.2 HTTP Request Content-Length cross site scripting (EUVD-2022-40716)
vuldb·2026-06-22·CVSS 6.1
CVE-2022-38114 [MEDIUM] SolarWinds SEM up to 2022.2 HTTP Request Content-Length cross site scripting (EUVD-2022-40716)
A vulnerability was found in SolarWinds SEM up to 2022.2. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. This manipulation of the argument Content-Length causes cross site scripting.
This vulnerability is handled as CVE-2022-38114. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-p6xj-9vgw-4xp9: This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests
ghsa_unreviewed·2022-11-23
CVE-2022-38114 [MEDIUM] CWE-444 GHSA-p6xj-9vgw-4xp9: This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2022-4_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38114
Published: 2022-11-23