A vulnerability related to identity spoofing exists in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5, which are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway has addressed the applicable CVE.
**CVEID:** CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition | 9.1 |
IBM CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition | 9.2 |
IBM CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition | 9.3 |
Apply the applicable CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition APAR below:
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.0 | PSIRT fixes for CICS Transaction Gateway 9.0 will be provided only for extended support customers with request through Salesforce case | PSIRT fixes for CICS Transaction Gateway 9.0 will be provided only for extended support customers with request through Salesforce case |
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.1.0.3 | PH51694 | All Platforms Link |
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.2.0.2 | PH51694 | All Platforms Link |
CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway for Desktop Edition | 9.3.0.0 | PH51694 | |
None
CPE

Name | Operator | Version |
---|---|---|
cics transaction gateway | eq | 9.1 |
cics transaction gateway | eq | 9.2 |
cics transaction gateway | eq | 9.3 |