CVE-2022-37953
Summary
| CVE | CVE-2022-37953 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-25 18:15:00 UTC |
| Updated | 2022-08-29 14:07:00 UTC |
| Description | An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ge | Workstationst | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_Works... | CONFIRM | www.ge.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability.
There are currently no legacy QID mappings associated with this CVE.