Security Bulletin: CVE-2023-24539, CVE-2023-29400, CVE-2023-29403 related to "Go" may affect IBM CICS TX Advanced 11.1

Summary

CVE-2023-24539, CVE-2023-29400, CVE-2023-29403 related to “Go” may affect IBM CICS TX Advanced 11.1. IBM CICS TX Advanced has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2023-24539
**DESCRIPTION:**Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a ‘/’ character, which when viewed, would execute in the victim’s Web browser within the security context of the hosting site.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256136 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-29400
**DESCRIPTION:**Golang Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into the templates, which when parsed, would execute in the victim’s Web browser within the security context of the hosting site.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255427 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2023-29403
**DESCRIPTION:**Golang Go could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when a binary is run with the setuid/setgid bits. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. to read or write contents of the registers.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257653 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

11.1

| Linux| Fix Central Link

Workarounds and Mitigations

None