IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
CVEID: CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM WebSphere Remote Server | 9.0, 8.5, 7.1, 7.0 |
Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server, which is shipped with IBM WebSphere Remote Server.
Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin |
---|---|---|
IBM WebSphere Remote Server 9.0, 8.5, 7.1, 7.0 | IBM WebSphere Application Server 9.0, 8.5, 8.0, 7.0 |
None
CPE

Name | Operator | Version |
---|---|---|
websphere remote server | eq | 9.0 |
websphere remote server | eq | 8.5 |
websphere remote server | eq | 7.1 |
websphere remote server | eq | 7.0 |