{ "id": "CVE-2022-36775", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-02-17T17:15:11.137", "lastModified": "2023-11-07T03:49:40.850", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 2.5 }, { "source": "psirt@us.ibm.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 2.5 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-74" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C73F59EB-1DCF-40E6-8E74-411F2E24527A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D01451C-DAEF-4F0A-86CE-5EE40E3DE073" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E5E050F-CF03-471E-9611-37711C9FA446" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7763712B-5716-434D-AA59-02102F8A25D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DC8EAED-20A4-4A09-BB5F-60ABE3938EF8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD986F9E-F28D-431F-A038-54E2E7CD4E31" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE19CE57-7453-4CDA-B85B-DD16296C2C17" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "50C3BD53-FDEE-4C59-ABC3-4B40CA35C32E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B23D4DE5-CA3C-4BBA-9DC2-F322D210470B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "39439FD4-A91F-473A-8FF8-BE48C51BCC32" } ] } ] } ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576", "source": "psirt@us.ibm.com", "tags": [ "VDB Entry", "Vendor Advisory" ] }, { "url": "https://www.ibm.com/support/pages/node/6953617", "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ] } ] }