IBM788C5F30A2C55DB50BAD892994634EFE76D9795C26A634EE2123EE08A8F80111Security Bulletin: IBM CICS TX Advanced is vulnerable to a reverse tabnabbing attack (CVE-2022-38705).
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
39.5%
Summary
IBM CICS TX Advanced could allow a reverse tabnabbing attack. The fix removes this vulnerability (CVE-2022-38705) from IBM CICS TX Advanced.
Vulnerability Details
CVEID:CVE-2022-38705
**DESCRIPTION:**IBM CICS TX Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234172 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Advanced | 11.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability by downloading and applying the interim fixes from the table below
Product
|
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM CICS TX Advanced
|
11.1
|
127901
|
Workarounds and Mitigations
None
Affected configurations
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
39.5%