CVE-2025-36223 (GCVE-0-2025-36223)
Vulnerability from cvelistv5
Published
2025-11-12 21:04
Modified
2025-11-13 15:03
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE
  • CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Summary
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
References
Impacted products
Vendor Product Version
IBM OpenPages Version: 9.0
Version: 9.1
    cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-13T15:03:44.665622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-13T15:03:56.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*"
          ],
          "product": "OpenPages",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "9.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\u003c/p\u003e"
            }
          ],
          "value": "IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-644",
              "description": "CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-12T21:04:45.915Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7250239"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e"
            }
          ],
          "value": "Remediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\u00a09.0\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product."
        }
      ],
      "title": "IBM OpenPages Host Header Injection",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36223",
    "datePublished": "2025-11-12T21:04:45.915Z",
    "dateReserved": "2025-04-15T21:16:41.802Z",
    "dateUpdated": "2025-11-13T15:03:56.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-36223\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-11-12T21:15:49.590\",\"lastModified\":\"2025-11-14T16:42:30.503\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-644\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7250239\",\"source\":\"psirt@us.ibm.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-36223\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-13T15:03:44.665622Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-13T15:03:50.819Z\"}}], \"cna\": {\"title\": \"IBM OpenPages Host Header Injection\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:openpages:9.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:openpages:9.1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"OpenPages\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0\"}, {\"status\": \"affected\", \"version\": \"9.1\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Remediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\\u00a09.0\\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eRemediation/Fixes A mitigation procedure has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below: Product Remediation For IBM OpenPages 9.1.2 Download URL for 9.1.2 https://www.ibm.com/support/pages/downloading-ibm-openpages-version-912-passport-advantage For IBM OpenPages 9.0 - Apply\\u00a09.0\\u00a0FixPack 5 ( 9.0.0.5 ) - Then Apply 9.0.0.5 Interim Fix 7 ( 9.0.0.5.7 ) Download URL for 9.0.0.5 https://www.ibm.com/support/pages/ibm-openpages-90-fix-pack-5 Download URL for 9.0.0.5.7 https://www.ibm.com/support/pages/ibm-openpages-9005-interim-fix-7 Please refer mitigation steps here: https://www.ibm.com/docs/en/openpages/9.1.x?topic=settings-configure-allowed-hostnames https://www.ibm.com/docs/en/openpages/9.0.0?topic=settings-configure-allowed-hostnames For IBM OpenPages v8.0/8.1/8.2/8.3 customers, IBM recommends to upgrade to a fixed and supported version 9.0 or 9.1 of the product.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7250239\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-644\", \"description\": \"CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-11-12T21:04:45.915Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-36223\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-13T15:03:56.553Z\", \"dateReserved\": \"2025-04-15T21:16:41.802Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-11-12T21:04:45.915Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.