History: Oct 07, 2022 - 4:18 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-34165)

2022-10-07 16:18:24
www.ibm.com
Tags: ibm, websphere, application server, business monitor, vulnerability, http header injection, cve-2022-34165

CVSS3: 5.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score: 5.6
Confidence: High

EPSS: 0.001
Percentile: 19.6%

Summary

IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

**CVEID:** CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Business Monitor | 8.5.5 |
| IBM Business Monitor | 8.5.6 |
| IBM Business Monitor | 8.5.7 |

Remediation/Fixes

Please consult the security bulletin "IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)" for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Node: ibm business_monitor 8.5.5 OR ibm business_monitor 8.5.6 OR ibm business_monitor 8.5.7

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | business_monitor | 8.5.5 | cpe:2.3:a:ibm:business_monitor:8.5.5:*:*:*:*:*:*:* |
| ibm | business_monitor | 8.5.6 | cpe:2.3:a:ibm:business_monitor:8.5.6:*:*:*:*:*:*:* |
| ibm | business_monitor | 8.5.7 | cpe:2.3:a:ibm:business_monitor:8.5.7:*:*:*:*:*:*:* |
