CVE-2022-37953: WorkstationST - Response Splitting in AM Gateway Challenge-Response
First published: Thu Aug 25 2022(Updated: )
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
Credit: GEPowerCVD@ge.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Workstationst | <07.09.15 |
Remedy
Upgrade to Workstation >= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-37953?
CVE-2022-37953 is an HTTP response splitting vulnerability in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15).
How does CVE-2022-37953 impact my system?
CVE-2022-37953 could allow an attacker to compromise a victim's browser/session.
Which software versions are affected by CVE-2022-37953?
WorkstationST versions up to exclusive v07.09.15 are affected by CVE-2022-37953.
What is the severity of CVE-2022-37953?
CVE-2022-37953 has a severity keyword of 'medium' and a severity value of 6.1.
How can I mitigate CVE-2022-37953?
To mitigate CVE-2022-37953, it is recommended to update WorkstationST to a version beyond v07.09.15 as soon as it becomes available.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/ge
- canonical/ge workstationst