PT-2022-22034 · Ibm · Ibm Websphere Application Server Liberty+1
Published
2022-09-09
·
Updated
2023-08-08
·
CVE-2022-34165
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server versions 7.0 through 9.0
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.9
Description
The issue is caused by improper validation, leading to HTTP header injection. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.
Recommendations
For IBM WebSphere Application Server versions 7.0 through 9.0, update to a version that includes the fix for this issue.
For IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.9, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to vulnerable API endpoints to minimize the risk of exploitation.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Application Server
Ibm Websphere Application Server Liberty