CVE Vulnerability

CVE-2022-34306

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435.

5.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/229435 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6601663 Patch Vendor Advisory
https://www.ibm.com/support/pages/node/6601659 Patch Vendor Advisory
Configurations

Configuration 1
Information

Published : 2022-07-08 05:15

Updated : 2022-07-16 12:20

NVD link : CVE-2022-34306

Mitre link : CVE-2022-34306

Products Affected
No products.
CWE
CWE-74