CVE-2022-39163HTTP Request Smuggling in IBM Cognos Controller

CWE-444HTTP Request Smuggling3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.2%
top 62.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cognos ControllerIBM Controller
Timeline
PublishedMar 26

Description

IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.7

Affected Packages4 packages

CVEListV5ibm/cognos_controller11.0.011.0.1
NVDibm/cognos_controller11.0.011.0.1
CVEListV5ibm/controller11.1.0
NVDibm/controller11.1.0

🔴Vulnerability Details

2
GHSA
GHSA-666m-w6mw-m583: IBM Cognos Controller 112025-03-26
CVEList
IBM Cognos Controller HTTP response smuggling2025-03-26
CVE-2022-39163 — HTTP Request Smuggling in IBM | cvebase