Lucene search

K
ibmIBMA96642AE557F3314DE35F31CC14054AC993E9A64181F3A4FC8B0F01BF7606C71
HistoryJan 10, 2023 - 10:20 a.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 affecting CICS Transaction Gateway Desktop Edition

2023-01-1010:20:16
www.ibm.com
7

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.6%

Summary

There is a vulnerability which is related to HTTP injection in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 used by CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway Desktop Edition has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-34165
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229429 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
CICS Transaction Gateway Desktop Edition 9.3
CICS Transaction Gateway Desktop Edition 9.2
CICS Transaction Gateway Desktop Edition 9.1

Remediation/Fixes

Apply the applicable CICS Transaction Gateway Desktop Editions APAR below.

Product

|

VRMF

|

APAR

|

Remediation / First Fix

—|—|—|—
CICS Transaction Gateway Desktop Edition for Multiplatforms| 9.1.0.3| PH51694| All Platforms Link
CICS Transaction Gateway Desktop Edition for Multiplatforms| 9.2.0.2| PH51694|

All Platforms Link

CICS Transaction Gateway Desktop Edition for Multiplatforms| 9.3.0.0| PH51694|

AIX Link

pLinux Link

Windows Link

iLinux Link

zLinux Link

x86 Container Link

390x Container Link

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcics_transaction_gatewayMatch9.1
OR
ibmcics_transaction_gatewayMatch9.2
OR
ibmcics_transaction_gatewayMatch9.3

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

19.6%

Related for A96642AE557F3314DE35F31CC14054AC993E9A64181F3A4FC8B0F01BF7606C71