IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6953617 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
Summary | IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. |
25 Feb 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.4.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
First Time |
Ibm
Ibm security Verify Access Ibm security Verify Access Docker |
|
References | (MISC) https://www.ibm.com/support/pages/node/6953617 - Patch, Vendor Advisory | |
References | (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/233576 - VDB Entry, Vendor Advisory |
17 Feb 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-17 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-36775
Mitre link : CVE-2022-36775
CVE.ORG link : CVE-2022-36775
JSON object : View
Products Affected
ibm
- security_verify_access_docker
- security_verify_access
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')