Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to multiple security vulnerabilities in the Administration Console shipped with the product (CVE-2024-22344, CVE-2024-22345 and CVE-2024-22343).

Summary

There are vulnerabilities in the Administration console shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has been updated to address the applicable issues.

Vulnerability Details

CVEID:CVE-2024-22343
**DESCRIPTION:**IBM TXSeries for Multiplatforms allows web pages to be stored locally which can be read by another user on the system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280190 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2024-22344
**DESCRIPTION:**IBM TXSeries for Multiplatforms is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2024-22345
**DESCRIPTION:**IBM TXSeries for Multiplatforms transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280192 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by upgrading IBM TXSeries for Multiplatforms.

8.2

| Linux, AIX, Windows, HP|

Download the upgrade from Fix Central

Workarounds and Mitigations

None