Mar 08, 2023 - 12:25 p.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

2023-03-08 12:25:31
www.ibm.com

EPSS: 0.001 (Low)
Percentile: 18.8%

Summary

A vulnerability related to identity spoofing exists in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5, which are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition | 9.1
IBM CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition | 9.2
IBM CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition | 9.3

Remediation/Fixes

Apply the applicable CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition APAR below:

Product | VRMF | APAR | Remediation / First Fix
---|---|---|---
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.0 | PSIRT fixes for CICS Transaction Gateway 9.0 will be provided only for extended support customers with request through Salesforce case | PSIRT fixes for CICS Transaction Gateway 9.0 will be provided only for extended support customers with request through Salesforce case
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.1.0.3 | PH51694 | All Platforms Link
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.2.0.2 | PH51694 | All Platforms Link
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.3.0.0 | PH51694 | AIX Link, pLinux Link, Windows Link, iLinux Link, zLinux Link, x86 Container Link, 390x Container Link

Workarounds and Mitigations

None
