How severe is CVE-2022-22364?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-22364?

This is classified as CWE-350, which is a common weakness in software security.

CVE-2022-22364 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.

Related Vulnerabilities

CVE-2023-32020

MEDIUM

CVSS:5.6(Medium)

Windows DNS Spoofing Vulnerability

CWE-3502023

CVE-2020-11091

MEDIUM

CVSS:5.8(Medium)

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a clust...

CWE-3502020

CVE-2024-42364

MEDIUM

CVSS:6.5(Medium)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authe...

CWE-3502024

CVE-2018-7160

HIGH

CVSS:8.8(High)

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web b...

CWE-3502018

CVE-2021-34561

HIGH

CVSS:8.8(High)

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any...

CWE-3502021

CVE-2023-52235

HIGH

CVSS:8.8(High)

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.

CWE-3502023