{"api_version":"1","generated_at":"2026-04-22T23:32:07+00:00","cve":"CVE-2022-22344","urls":{"html":"https://cve.report/CVE-2022-22344","api":"https://cve.report/api/cve/CVE-2022-22344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22344"},"summary":{"title":"CVE-2022-22344","description":"IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-03-14 17:15:00","updated_at":"2023-08-08 14:21:00"},"problem_types":["CWE-74"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/220038","name":"ibm-spectrum-cve202222344-header-injection (220038)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6562479","name":"https://www.ibm.com/support/pages/node/6562479","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: IBM Spectrum Copy Data Management is vulnerable to Slowloris, HTTP header injection, XSS, and CSRF (CVE-2022-22354, CVE-2022-22344, CVE-2021-39055, CVE-2021-39051)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_copy_data_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"description":{"description_data":[{"value":"IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038","lang":"eng"}]},"impact":{"cvssv3":{"TM":{"RC":"C","RL":"O","E":"U"},"BM":{"I":"L","UI":"N","SCORE":"4.800","AC":"H","S":"U","AV":"N","C":"L","A":"N","PR":"N"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Gain Access"}]}]},"data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-22344","STATE":"PUBLIC","DATE_PUBLIC":"2022-03-11T00:00:00","ASSIGNER":"psirt@us.ibm.com"},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6562479","title":"IBM Security Bulletin 6562479 (Spectrum Copy Data Management)","refsource":"CONFIRM","url":"https://www.ibm.com/support/pages/node/6562479"},{"name":"ibm-spectrum-cve202222344-header-injection (220038)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/220038"}]},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Spectrum Copy Data Management","version":{"version_data":[{"version_value":"2.2.0.0"},{"version_value":"2.2.14.3"}]}}]},"vendor_name":"IBM"}]}},"data_type":"CVE","data_format":"MITRE"},"nvd":{"publishedDate":"2022-03-14 17:15:00","lastModifiedDate":"2023-08-08 14:21:00","problem_types":["CWE-74"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_copy_data_management:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0.0","versionEndExcluding":"2.2.15.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22344","Ordinal":"224685","Title":"CVE-2022-22344","CVE":"CVE-2022-22344","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22344","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}