What is CVE-2022-22344?

CVE-2022-22344 is a medium-severity vulnerability in Ibm Spectrum Copy Data Management, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.1/10. Published 2022-03-14.

How severe is CVE-2022-22344?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Ibm Spectrum Copy Data Management

CVE-2022-22344

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable s…

EPSS: 0.006 (44.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Ibm Spectrum Copy Data Management — versions 2.2.0.0, 2.2.14.3
Ibm Spectrum_copy_data_management

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (VDB Entry, vdb-entry, Vendor Advisory, x_refsource_XF)

Frequently asked questions

What is CVE-2022-22344?: CVE-2022-22344 is a medium-severity vulnerability in Ibm Spectrum Copy Data Management, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.1/10. Published 2022-03-14.
How severe is CVE-2022-22344?: Medium severity. CVSS v3 base score is 6.1 out of 10.