CVE-2022-36775

{"id": "CVE-2022-36775", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2023-02-17T17:15:11.137", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233576", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6953617", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576."}], "lastModified": "2023-11-07T03:49:40.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73F59EB-1DCF-40E6-8E74-411F2E24527A"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D01451C-DAEF-4F0A-86CE-5EE40E3DE073"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E5E050F-CF03-471E-9611-37711C9FA446"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7763712B-5716-434D-AA59-02102F8A25D3"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DC8EAED-20A4-4A09-BB5F-60ABE3938EF8"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD986F9E-F28D-431F-A038-54E2E7CD4E31"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE19CE57-7453-4CDA-B85B-DD16296C2C17"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50C3BD53-FDEE-4C59-ABC3-4B40CA35C32E"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B23D4DE5-CA3C-4BBA-9DC2-F322D210470B"}, {"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:10.0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39439FD4-A91F-473A-8FF8-BE48C51BCC32"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}