CVE-2022-34362

IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:linux_on_ibm_z:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-20 CWE-79

18 Feb 2023, 20:46

Type Values Removed Values Added
New CVE

Information

Published : 2023-02-08 19:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-34362

Mitre link : CVE-2022-34362

CVE.ORG link : CVE-2022-34362


JSON object : View

Products Affected

microsoft

  • windows

ibm

  • linux_on_ibm_z
  • sterling_secure_proxy
  • aix

linux

  • linux_kernel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')