IBM2CD58F3422DADD8F78C93F891E971DA50591E3280B1C2D59C6B3A43B7A311615Security Bulletin: IBM CICS TX Advanced is vulnerable to allowing access to a user's web browser session due to insufficiently protected credentials (CVE-2022-34311).
4.3 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
16.2%
Summary
IBM CICS TX Advanced could allow access to a user’s web browser session due to insufficiently protected credentials. The fix removes this vulnerability (CVE-2022-34311) from IBM CICS TX Advanced.
Vulnerability Details
CVEID:CVE-2022-34311
**DESCRIPTION:**IBM CICS TX could allow a user with physical access to the web browser to gain access to the user’s session due to insufficiently protected credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229446 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Advanced | 11.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability by downloading and applying the interim fixes from the table below
Product
|
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM CICS TX Advanced
|
11.1
|
127902
|
Workarounds and Mitigations
None
Affected configurations
Related
4.3 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
16.2%