
CVSS: 5.4 • EPSS: 0% • CPEs: 13 • EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/229429
• https://www.ibm.com/support/pages/node/6618747
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0

IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/225605
• https://www.ibm.com/support/pages/node/6603417
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 11 • EXPL: 0

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/225347
• https://www.ibm.com/support/pages/node/6603421

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/218283
• https://www.ibm.com/support/pages/node/6596049
• CWE-613: Insufficient Session Expiration

CVSS: 9.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/218281
• https://www.ibm.com/support/pages/node/6596049
• CWE-613: Insufficient Session Expiration