CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.

Published: Sep 9, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-34165
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-74
CWE-20

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	7.0.0.0	7.0.0.45.x
ibm / websphere_application_server	8.0.0.0	8.0.0.15.x
ibm / websphere_application_server	8.5.0.0	8.5.5.22.x
ibm / websphere_application_server	9.0.0.0	9.0.5.13.x
ibm / websphere_application_server	17.0.0.3	22.0.0.9

https://exchange.xforce.ibmcloud.com/vulnerabilities/229429
https://www.ibm.com/support/pages/node/6618747

Vulnerability Database

289,697

CVE-2022-34165