CVE-2022-34165
First published: Fri Sep 09 2022(Updated: )
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Verify Access Docker | <=10.0.X | |
| IBM Security Verify Access | <=10.0.X | |
| Ibm Websphere Application Server | >=7.0.0.0<=7.0.0.45 | |
| Ibm Websphere Application Server | >=8.0.0.0<=8.0.0.15 | |
| Ibm Websphere Application Server | >=8.5.0.0<=8.5.5.22 | |
| Ibm Websphere Application Server | >=9.0.0.0<=9.0.5.13 | |
| Ibm Websphere Application Server | >=17.0.0.3<22.0.0.9 | |
| Apple macOS | ||
| HP HP-UX | ||
| IBM AIX | ||
| IBM i | ||
| Ibm Z\/os | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Oracle Solaris |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-34165?
CVE-2022-34165 is a vulnerability that affects IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0, as well as IBM WebSphere Application Server Liberty versions 17.0.0.3 through 22.0.0.9. It is caused by improper validation of HTTP headers and can allow various attacks against the system.
How severe is CVE-2022-34165?
CVE-2022-34165 has a severity rating of 5.4, which is considered medium.
How can I fix CVE-2022-34165?
To fix CVE-2022-34165, you should update your IBM WebSphere Application Server or IBM WebSphere Application Server Liberty to versions that are not affected by the vulnerability.
Where can I find more information about CVE-2022-34165?
You can find more information about CVE-2022-34165 on the IBM X-Force Exchange website and the IBM Support pages.
What is CWE-74?
CWE-74 refers to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').
- collector/ibm-support
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/tags
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm security verify access docker
- version/ibm security verify access docker/10.0.x
- canonical/ibm security verify access
- version/ibm security verify access/10.0.x
- canonical/ibm websphere application server
- version/ibm websphere application server/7.0.0.0
- version/ibm websphere application server/7.0.0.45
- version/ibm websphere application server/8.0.0.0
- version/ibm websphere application server/8.0.0.15
- version/ibm websphere application server/8.5.0.0
- version/ibm websphere application server/8.5.5.22
- version/ibm websphere application server/9.0.0.0
- version/ibm websphere application server/9.0.5.13
- version/ibm websphere application server/17.0.0.3
- vendor/apple
- canonical/apple macos
- vendor/hp
- canonical/hp hp-ux
- canonical/ibm aix
- canonical/ibm i
- canonical/ibm z\/os
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle solaris