vulnerability
IBM WebSphere Application Server: CVE-2022-34165: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Sep 9, 2022 | Nov 14, 2022 | Aug 11, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published
Sep 9, 2022
Added
Nov 14, 2022
Modified
Aug 11, 2025
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
Solutions
ibm-was-install-7-0-0-0-ph47531ibm-was-install-8-0-0-0-ph47531ibm-was-install-8-5-0-0-ph47531ibm-was-install-9-0-0-0-ph47531ibm-was-upgrade-8-5-0-0-8-5-5-23ibm-was-upgrade-9-0-0-0-9-0-5-14
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.