Inconsistent interpretation of HTTP requests in IBM OpenPages with Watson
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-32213 |
| CWE-ID | CWE-444 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM OpenPages with Watson Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU65275
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-32213
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially-crafted request to lead to HTTP Request Smuggling to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM OpenPages with Watson: before 8.3.0.2.1
CPE2.3 External linkshttps://www.ibm.com/support/pages/node/7003313
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
