WebSphere Application Server Liberty is vulnerable to HTTP header injection (CVE-2022-34165). This has been addressed.
CVEID: CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 |
IBM Workload Scheduler | 10.1 |
APAR IJ45098 has been opened to address CVE-2022-34165, which affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 containers.
APAR IJ45098 has been included in IBM Workload Scheduler 9.5.0.6 Security Update and IBM Workload Scheduler 10.1.0.1, both of which are available on Fix Central.
None