Lucene search

IbmCVELIST:CVE-2022-22344

HistoryMar 14, 2022 - 4:45 p.m.

CVE-2022-22344

2022-03-1416:45:21

ibm

www.cve.org

ibm spectrum copy data management

http header injection

vulnerability

cross-site scripting

cache poisoning

session hijacking

ibm x-force id

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

26.9%

JSON

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038

CNA Affected

[
  {
    "product": "Spectrum Copy Data Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.0.0"
      },
      {
        "status": "affected",
        "version": "2.2.14.3"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/220038

www.ibm.com/support/pages/node/6562479

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

26.9%

JSON

Related for CVELIST:CVE-2022-22344