IBM CICS TX Advanced is vulnerable to CVE-2023-38546 if the curl function curl_easy_duphandle is called on a handle that has cookies enabled during the transfer. IBM CICS TX Advanced uses curl to transfer data. An update to IBM CICS TX Advanced has been released to address this vulnerability.
**CVEID:** CVE-2023-38546
**DESCRIPTION:** cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the curl_easy_duphandle function if a transfer has cookies enabled when the handle is duplicated. By sending a specially crafted request, an attacker could exploit this vulnerability to insert cookies at will into a running program.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
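
For teams auditing their own C code that links libcurl, the condition in the description (a handle with cookies enabled that is then duplicated) can be searched for statically. The following is an added example, not code from IBM or the curl project; the function names and sample source are hypothetical, and it assumes the cookie engine is enabled through `CURLOPT_COOKIEFILE`, `CURLOPT_COOKIEJAR` or `CURLOPT_COOKIELIST`, as libcurl documents.

```python
import re

# Options that enable libcurl's cookie engine on an easy handle (assumption).
COOKIE_OPTS = {"CURLOPT_COOKIEFILE", "CURLOPT_COOKIEJAR", "CURLOPT_COOKIELIST"}

INIT_RE = re.compile(r"(\w+)\s*=\s*curl_easy_init\s*\(")
SETOPT_RE = re.compile(r"curl_easy_setopt\s*\(\s*(\w+)\s*,\s*(CURLOPT_\w+)")
DUP_RE = re.compile(r"curl_easy_duphandle\s*\(\s*(\w+)\s*\)")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)


def strip_comments(source):
    """Blank out C comments but keep newlines so line numbers stay valid."""
    return COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), source)


def find_cookie_duphandles(source):
    """Return (line_no, handle, option) for every curl_easy_duphandle() call
    on a handle that had a cookie option set earlier in the same text."""
    cookie_handles = {}  # handle variable -> first cookie option seen
    findings = []
    for line_no, line in enumerate(strip_comments(source).splitlines(), 1):
        for handle in INIT_RE.findall(line):
            cookie_handles.pop(handle, None)  # fresh handle, engine is off
        for handle, opt in SETOPT_RE.findall(line):
            if opt in COOKIE_OPTS:
                cookie_handles.setdefault(handle, opt)
        for handle in DUP_RE.findall(line):
            if handle in cookie_handles:
                findings.append((line_no, handle, cookie_handles[handle]))
    return findings


# Constructed sample source, not taken from any real product.
SAMPLE_C = """\
CURL *a = curl_easy_init();
curl_easy_setopt(a, CURLOPT_URL, "https://example.invalid/");
curl_easy_setopt(a, CURLOPT_COOKIEFILE, "");   /* cookie engine on */
CURL *a2 = curl_easy_duphandle(a);
CURL *b = curl_easy_init();
curl_easy_setopt(b, CURLOPT_URL, "https://example.invalid/");
// curl_easy_setopt(b, CURLOPT_COOKIEJAR, "jar.txt");
CURL *b2 = curl_easy_duphandle(b);
"""

if __name__ == "__main__":
    for line_no, handle, opt in find_cookie_duphandles(SAMPLE_C):
        print(f"line {line_no}: duphandle({handle}) after {opt}")
```

The scan is line-based and tracks handles by variable name only, so treat a hit as a call site to review rather than proof of exposure.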
Affected Product(s) | Version(s) |
---|---|
IBM CICS TX Advanced | 10.1 |

IBM strongly recommends addressing the vulnerability now by updating IBM CICS TX Advanced.

Product | Version | Platform | Remediation/Fix |
---|---|---|---|
IBM CICS TX Advanced | 10.1 | Linux | Download the update from Fix Central. |

None