Lucene search

IbmCVELIST:CVE-2022-34316

HistoryNov 14, 2022 - 6:47 p.m.

CVE-2022-34316 IBM CICS TX information disclosure

2022-11-1418:47:00

CWE-644

ibm

www.cve.org

ibm

cics tx

information disclosure

web scripting

http headers

ibm x-force id

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CICS TX",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "11.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/229452

www.ibm.com/support/pages/node/6833176

www.ibm.com/support/pages/node/6833178

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

Related for CVELIST:CVE-2022-34316