History: Sep 12, 2022 - 1:40 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2022-34165)

2022-09-12 13:40:31
www.ibm.com

EPSS: 0.001 (Low), percentile 18.8%

Summary

IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

**CVEID:** CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM WebSphere Remote Server | 9.0, 8.5, 7.1, 7.0

Remediation/Fixes

Refer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server, which is shipped with IBM WebSphere Remote Server.

Principal Product and Version(s) | Affected Supporting Product and Version(s) | Affected Supporting Product Security Bulletin
---|---|---
IBM WebSphere Remote Server 9.0, 8.5, 7.1, 7.0 | IBM WebSphere Application Server 9.0, 8.5, 8.0, 7.0 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Workarounds and Mitigations

None
