HTTP Header Injection Vulnerability in IBM CICS TX 11.1
CVE-2022-34163

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Cics Tx Standard
Cics Tx Advanced
Vendor
CVE Published:
29 July 2022

Summary

IBM CICS TX 11.1 has a vulnerability due to inadequate validation of HOST headers, permitting attackers to inject malicious HTTP headers. This flaw can result in various attacks such as cross-site scripting, cache poisoning, or session hijacking, potentially compromising sensitive data and system integrity. Users are advised to review the security updates from IBM to mitigate these risks.

Affected Version(s)

CICS TX Advanced 11.1

CICS TX Standard 11.1

References

https://www.ibm.com/support/pages/node/6608200
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6608202
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/229333
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.