How severe is CVE-2022-34165?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Vulnerability in Ibm Websphere Application Server

CVE-2022-34165

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct…

EPSS: 0.002 (47.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/UI:N/PR:L/I:L/A:N/C:L/AV:N/AC:L/S:U/E:U/RC:C/RL:O.

Affected products

Ibm Websphere Application Server — versions 7.0, 8.0, 8.5
Ibm Websphere Application Server Liberty — versions 17.0.0.3, 22.0.0.9

References

www.ibm.com/support/pages/node/6618747 (x_refsource_CONFIRM)
ibm-websphere-cve202234165-http-injection (229429) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2022-34165?: CVE-2022-34165 is a medium-severity vulnerability in Ibm Websphere Application Server. CVSS score: 5.4/10. Published 2022-09-09.
How severe is CVE-2022-34165?: Medium severity. CVSS v3 base score is 5.4 out of 10.