Oct 31, 2023 - 12:16 p.m.

Security Bulletin: "Cross Site Request Forgery" and "Cross Site Scripting" vulnerabilities affect IBM TXSeries for Multiplatforms

www.ibm.com

CVSS3: 8.8 High

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 28.1%)

Summary

“Cross Site Request Forgery” and “Cross Site Scripting” vulnerabilities affect IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable vulnerabilities.

Vulnerability Details

CVEID: CVE-2023-42027
**DESCRIPTION:** IBM CICS TX is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2023-42029
**DESCRIPTION:** IBM CICS TX is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM TXSeries for Multiplatforms | 8.1 |
| IBM TXSeries for Multiplatforms | 8.2 |
| IBM TXSeries for Multiplatforms | 9.1 |

Remediation/Fixes

| Product | Version | Platform | Remediation / Fix |
| --- | --- | --- | --- |
| IBM TXSeries for Multiplatforms | 8.1 | Linux, AIX | PSIRT fixes for IBM TXSeries for Multiplatforms 8.1 will be provided only for extended support customers, on request through a Salesforce case. |
| IBM TXSeries for Multiplatforms | 8.2 | Linux, AIX, HP, Windows | Fix Central Link |
| IBM TXSeries for Multiplatforms | 9.1 | Linux, AIX | Fix Central Link |

Workarounds and Mitigations

None

Affected configurations

Vulners node:

- ibm txseries_for_multiplatforms, Match 8.1
- OR ibm txseries_for_multiplatforms, Match 8.2
- OR ibm txseries_for_multiplatforms, Match 9.1
