IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6618747 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-74 |
14 Sep 2022, 18:25
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 - VDB Entry, Vendor Advisory | |
| References | (CONFIRM) https://www.ibm.com/support/pages/node/6618747 - Patch, Vendor Advisory | |
| CWE | CWE-20 | |
| CPE | cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:liberty:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
09 Sep 2022, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-09-09 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-34165
Mitre link : CVE-2022-34165
CVE.ORG link : CVE-2022-34165
JSON object : View
Products Affected
microsoft
- windows
ibm
- i
- aix
- websphere_application_server
- z\/os
oracle
- solaris
linux
- linux_kernel
apple
- macos
hp
- hp-ux
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')