IBM2085FF11D2B3E21178F92BC93A5BDB32489A3A000CC1E1606188FC90E7EA9C5ASecurity Bulletin: IBM CICS TX Advanced is vulnerable to an attacker decrypting highly sensitive information . (CVE-2022-34310) .
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
15.5%
Summary
IBM CICS TX Advanced could allow an attacker to decrypt highly sensitive information . The fix removes this vulnerability (CVE-2022-34310) from IBM CICS TX Advanced.
Vulnerability Details
CVEID:CVE-2022-34310
**DESCRIPTION:**IBM CICS TX uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229441 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Advanced | 11.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability by downloading and applying the interim fixes from the table below:
Product
|
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM CICS TX Advanced
|
11.1
|
127918
|
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
15.5%