CVE-2022-34316

Опубликовано: 14 нояб. 2022

Источник: nvd

CVSS3: 3.7

CVSS3: 5.3

EPSS Низкий

Описание

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/229452
VDB Entry
https://www.ibm.com/support/pages/node/6833176
Patch
Vendor Advisory
https://www.ibm.com/support/pages/node/6833178
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/229452
VDB Entry
https://www.ibm.com/support/pages/node/6833176
Patch
Vendor Advisory
https://www.ibm.com/support/pages/node/6833178
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*

EPSS

Процентиль: 61%

0.00412

Низкий

3.7 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-644

CWE-116

Связанные уязвимости

GHSA-cjhx-7pr5-4vmp

CVSS3: 5.3

github

около 3 лет назад

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

EPSS

Процентиль: 61%

0.00412

Низкий

3.7 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-644

CWE-116