Lucene search

[email protected]CVE-2023-33847

HistoryJun 08, 2023 - 1:15 a.m.

CVE-2023-33847

2023-06-0801:15:09

[email protected]

web.nvd.nist.gov

ibm

txseries

multiplatforms

security

vulnerability

session

authorization

token

cve-2023-33847

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.

Affected configurations

Vulners

NVD

Node

ibmtxseries_for_multiplatformsMatch8.1

ibmtxseries_for_multiplatformsMatch8.2

ibmtxseries_for_multiplatformsMatch9.1

ibmcics_txMatch11.1

ibmcics_txMatch10.1

ibmcics_txMatch11.1

VendorProductVersionCPE
ibmtxseries_for_multiplatforms8.1cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*
ibmtxseries_for_multiplatforms8.2cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*
ibmtxseries_for_multiplatforms9.1cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*
ibmcics_tx11.1cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:*:*:*:*
ibmcics_tx10.1cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:*:*:*:*
ibmcics_tx11.1cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	txseries_for_multiplatforms	8.1	cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:::::::*
ibm	txseries_for_multiplatforms	8.2	cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:::::::*
ibm	txseries_for_multiplatforms	9.1	cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:::::::*
ibm	cics_tx	11.1	cpe:2.3:a:ibm:cics_tx:11.1:::::::*
ibm	cics_tx	10.1	cpe:2.3:a:ibm:cics_tx:10.1:::::::*
ibm	cics_tx	11.1	cpe:2.3:a:ibm:cics_tx:11.1:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TXSeries for Multiplatforms",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1, 8.2, 9.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CICS TX Standard",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CICS TX Advanced",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1, 11.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/257102

www.ibm.com/support/pages/node/7001635

www.ibm.com/support/pages/node/7001641

www.ibm.com/support/pages/node/7001645

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

Related for CVE-2023-33847

prion1 ibm3 cvelist1 nvd1