IBM914BCDF7FC01F096C21B12AC52F38F6C12305A55E5CFC0DEB0743117C6CDB2BBSecurity Bulletin: IBM CICS TX Standard is vulnerable to a remote attack by hijacking the clicking action of the victim (CVE-2022-34318).
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
39.9%
Summary
IBM CICS TX Standard could allow a remote attack by hijacking the clicking action of the victim. The fix removes this vulnerability (CVE-2022-34318) from IBM CICS TX Standard.
Vulnerability Details
CVEID:CVE-2022-34318
**DESCRIPTION:**IBM CICS TX could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Standard | All |
Remediation/Fixes
Product |
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM CICS TX Standard
|
11.1
|
127927
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
39.9%