CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low (Percentile: 28.0%)

Multiple vulnerabilities (CVE-2022-45693, CVE-2022-4568) affect CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerabilities. Please note: PSIRT fixes for CICS Transaction Gateway for Multiplatforms 9.0 will be provided only to extended support customers who request them through a case with IBM Support.
CVEID: CVE-2022-45693
**DESCRIPTION:** Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242274 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-45685
**DESCRIPTION:** Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string using JSON data, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242596 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM CICS Transaction Gateway | 9.1 |
IBM CICS Transaction Gateway | 9.2 |
IBM CICS Transaction Gateway | 9.3 |
Product | VRMF | APAR | Remediation / First Fix |
---|---|---|---|
CICS Transaction Gateway for Multiplatforms | 9.1.0.3 | PH52872 | AIX: Fix Central Link<br>Linux on POWER Big Endian: Fix Central Link<br>Linux on Intel: Fix Central Link<br>Linux on IBM Z: Fix Central Link<br>Windows: Fix Central Link<br>Solaris: Fix Central Link<br>HP-UX: Fix Central Link |
CICS Transaction Gateway for Multiplatforms | 9.2.0.2 | PH52872 | AIX: Fix Central Link<br>Linux on POWER Big Endian: Fix Central Link<br>Linux on Intel: Fix Central Link<br>Linux on IBM Z: Fix Central Link<br>Windows: Fix Central Link<br>Solaris: Fix Central Link<br>HP-UX: Fix Central Link |
CICS Transaction Gateway for Multiplatforms | 9.3.0.0 | PH52872 | AIX: Fix Central Link<br>Linux on POWER Big Endian: Fix Central Link<br>Linux on POWER Little Endian: Fix Central Link<br>Linux on Intel: Fix Central Link<br>Linux on IBM Z: Fix Central Link<br>Windows: Fix Central Link<br>Linux on IBM Z container: Fix Central Link<br>Linux on Intel container: Fix Central Link |
None
CPE Name | Operator | Version |
---|---|---|
cics transaction gateway | eq | 9.1 |
cics transaction gateway | eq | 9.2 |
cics transaction gateway | eq | 9.3 |