An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
References
Link | Resource |
---|---|
https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf | Vendor Advisory |
Configurations
History
29 Aug 2022, 14:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ge:workstationst:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Ge
Ge workstationst |
|
CWE | NVD-CWE-Other |
25 Aug 2022, 18:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-25 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37953
Mitre link : CVE-2022-37953
CVE.ORG link : CVE-2022-37953
JSON object : View
Products Affected
ge
- workstationst
CWE
NVD-CWE-Other
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')