IBM46C6779A46669B97F259F4B6C43A6F96695F955387924D8C910EE7E5C2E4224ASecurity Bulletin: IBM CICS TX Advanced is vulnerable to a remote attack by hijacking the clicking action of the victim (CVE-2022-34318).
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
39.9%
Summary
IBM CICS TX Advanced could allow a remote attack by hijacking the clicking action of the victim. The fix removes this vulnerability (CVE-2022-34318) from IBM CICS TX Advanced.
Vulnerability Details
CVEID:CVE-2022-34318
**DESCRIPTION:**IBM CICS TX could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Advanced | 11.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability by downloading and applying the interim fixes from the table below
Product
|
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM CICS TX Advanced
|
11.1
|
127927
|
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
39.9%