CVE-2022-22344
Description
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Copy Data Management 2.2.0.0–2.2.14.3 fails to validate HOST headers, enabling HTTP header injection attacks.
Vulnerability
IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3 contain an HTTP header injection vulnerability [1]. The flaw originates from improper validation of input in the HOST headers, allowing an attacker to inject arbitrary header content into HTTP responses [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious HOST header to the affected management console [1]. No authentication or user interaction is required for the injection itself, though the attacker must be able to send network requests to the vulnerable system [1]. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) gives a network attack vector (AV:N) and indicates that successful exploitation requires high attack complexity (AC:H) [1].
Impact
Successful HTTP header injection can lead to a variety of secondary attacks against the system and its users, including cross-site scripting (XSS), cache poisoning, or session hijacking [1]. The attacker can potentially manipulate HTTP responses to inject malicious scripts or redirect users, leading to information disclosure or compromise of user sessions [1]. The confidentiality and integrity impacts are both rated low in the CVSS vector (C:L/I:L) [1].
Mitigation
IBM has addressed this vulnerability in fix pack 2.2.14.4 or later, released on 2022-03-11, as documented in the security bulletin [1]. Users should upgrade to the latest version as soon as possible. No workarounds are listed; upgrading is the recommended remediation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.2.0.0 - 2.2.14.3
- IBM/Spectrum Copy Data Management (v5), Range: 2.2.0.0
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/220038 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6562479 (mitre, x_refsource_CONFIRM)