CVSS3: 5.4 Medium
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.001 Low (Percentile: 19.6%)
A vulnerability related to HTTP injection affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9, which are used by CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway Desktop Edition has addressed the applicable CVE.
**CVEID:** CVE-2022-34165
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
CICS Transaction Gateway Desktop Edition | 9.3 |
CICS Transaction Gateway Desktop Edition | 9.2 |
CICS Transaction Gateway Desktop Edition | 9.1 |
Apply the applicable CICS Transaction Gateway Desktop Edition APAR below.
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
CICS Transaction Gateway Desktop Edition for Multiplatforms | 9.1.0.3 | PH51694 | All Platforms Link |
CICS Transaction Gateway Desktop Edition for Multiplatforms | 9.2.0.2 | PH51694 | |
CICS Transaction Gateway Desktop Edition for Multiplatforms | 9.3.0.0 | PH51694 | |
None
CPE
Name | Operator | Version |
---|---|---|
cics transaction gateway | eq | 9.1 |
cics transaction gateway | eq | 9.2 |
cics transaction gateway | eq | 9.3 |