CVE-2022-34165
MEDIUM
IBM WebSphere Application Server <22.0.0.9 - HTTP Header Injection
Title source: llm
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6618747
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/229429
Scores
CVSS v3
5.4
EPSS
0.0024
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-74
Status
published
Products (2)
ibm/websphere_application_server
17.0.0.3 - 22.0.0.9
ibm/websphere_application_server
7.0.0.0 - 7.0.0.45
Published
Sep 09, 2022
Tracked Since
Feb 18, 2026