CVE-2022-34163 - Vulnerability Details - OpenCVE

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Cics Tx

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cics_tx:11.1::::advanced:::
	cpe:2.3:a:ibm:cics_tx:11.1::::standard:::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/229333
https://www.ibm.com/support/pages/node/6608200
https://www.ibm.com/support/pages/node/6608202

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-08-01T15:41:08.760486Z

Updated: 2024-09-16T17:47:57.765Z

Reserved: 2022-06-20T00:00:00

Link: CVE-2022-34163

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-01T16:15:07.230

Modified: 2024-11-21T07:08:58.767

Link: CVE-2022-34163

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CICS TX Standard", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}, {"product": "CICS TX Advanced", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}], "datePublic": "2022-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:L/UI:N/S:U/AC:L/A:N/I:L/C:L/AV:N/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T15:41:08", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6608200"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6608202"}, {"name": "ibm-cics-cve202234163-header-injection (229333)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229333"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-29T00:00:00", "ID": "CVE-2022-34163", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CICS TX Standard", "version": {"version_data": [{"version_value": "11.1"}]}}, {"product_name": "CICS TX Advanced", "version": {"version_data": [{"version_value": "11.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6608200", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6608200 (CICS TX Standard)", "url": "https://www.ibm.com/support/pages/node/6608200"}, {"name": "https://www.ibm.com/support/pages/node/6608202", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6608202 (CICS TX Advanced)", "url": "https://www.ibm.com/support/pages/node/6608202"}, {"name": "ibm-cics-cve202234163-header-injection (229333)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229333"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:17.195Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6608200"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6608202"}, {"name": "ibm-cics-cve202234163-header-injection (229333)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229333"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-34163", "datePublished": "2022-08-01T15:41:08.760486Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-16T17:47:57.765Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333."}, {"lang": "es", "value": "IBM CICS TX versi\u00f3n 11.1, es vulnerable a la inyecci\u00f3n de cabeceras HTTP, causada por la incorrecta comprobaci\u00f3n de la entrada de los encabezados HOST. Esto podr\u00eda permitir a un atacante llevar a cabo varios ataques contra el sistema vulnerable, incluyendo de tipo cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. IBM X-Force ID: 229333"}], "id": "CVE-2022-34163", "lastModified": "2024-11-21T07:08:58.767", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T16:15:07.230", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229333"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608200"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229333"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608202"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}