Details of VAR-202302-0494

ID

VAR-202302-0494

CVE

CVE-2022-36775

TITLE

IBM of Security Verify Access and Security Verify Access Docker Injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-016942

DESCRIPTION

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576

Trust: 1.71

sources: NVD: CVE-2022-36775 // JVNDB: JVNDB-2022-016942 // VULMON: CVE-2022-36775

AFFECTED PRODUCTS

vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.4.0	Trust: 1.8
vendor:	ibm	model:	security verify access docker	scope:	eq	version:	10.0.4.0	Trust: 1.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.3.0	Trust: 1.8
vendor:	ibm	model:	security verify access docker	scope:	eq	version:	10.0.0.0	Trust: 1.8
vendor:	ibm	model:	security verify access docker	scope:	eq	version:	10.0.3.0	Trust: 1.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.1.0	Trust: 1.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.2.0	Trust: 1.8
vendor:	ibm	model:	security verify access docker	scope:	eq	version:	10.0.1.0	Trust: 1.8
vendor:	ibm	model:	security verify access docker	scope:	eq	version:	10.0.2.0	Trust: 1.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.0.0	Trust: 1.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	docker 10.0.3.0	Trust: 0.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	docker 10.0.1.0	Trust: 0.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	docker 10.0.2.0	Trust: 0.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	docker 10.0.0.0	Trust: 0.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	docker 10.0.4.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-016942 // NVD: CVE-2022-36775

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-36775
value:	MEDIUM
Trust: 1.8
psirt@us.ibm.com:	CVE-2022-36775
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202302-611
value:	MEDIUM
Trust: 0.6

NVD:
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 2.0
NVD:	CVE-2022-36775
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-016942 // NVD: CVE-2022-36775 // NVD: CVE-2022-36775 // CNNVD: CNNVD-202302-611

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	injection (CWE-74) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-016942 // NVD: CVE-2022-36775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-611

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-611

CONFIGURATIONS

sources: NVD: CVE-2022-36775

PATCH

title:	6953617 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6953617	Trust: 0.8
title:	IBM WebSphere Application Server Liberty Repair measures for injecting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226730	Trust: 0.6

sources: JVNDB: JVNDB-2022-016942 // CNNVD: CNNVD-202302-611

EXTERNAL IDS

db:	NVD	id:	CVE-2022-36775	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-016942	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0742	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-611	Trust: 0.6
db:	VULMON	id:	CVE-2022-36775	Trust: 0.1

sources: VULMON: CVE-2022-36775 // JVNDB: JVNDB-2022-016942 // NVD: CVE-2022-36775 // CNNVD: CNNVD-202302-611

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/233576	Trust: 1.7
url:	https://www.ibm.com/support/pages/node/6953617	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36775	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.0742	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-36775/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-36775 // JVNDB: JVNDB-2022-016942 // NVD: CVE-2022-36775 // CNNVD: CNNVD-202302-611

SOURCES

db:	VULMON	id:	CVE-2022-36775
db:	JVNDB	id:	JVNDB-2022-016942
db:	NVD	id:	CVE-2022-36775
db:	CNNVD	id:	CNNVD-202302-611

LAST UPDATE DATE

2023-12-18T12:41:49.892000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-36775	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-016942	date:	2023-10-10T07:52:00
db:	NVD	id:	CVE-2022-36775	date:	2023-11-07T03:49:40.850
db:	CNNVD	id:	CNNVD-202302-611	date:	2023-02-27T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-36775	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-016942	date:	2023-10-10T00:00:00
db:	NVD	id:	CVE-2022-36775	date:	2023-02-17T17:15:11.137
db:	CNNVD	id:	CNNVD-202302-611	date:	2023-02-08T00:00:00