CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.003 Low
Percentile: 65.8%
IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities.
CVEID: CVE-2022-40609
**DESCRIPTION:** IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
CICS Transaction Gateway Desktop Edition | 9.0 |
CICS Transaction Gateway Desktop Edition | 9.1 |
CICS Transaction Gateway Desktop Edition | 9.2 |
CICS Transaction Gateway Desktop Edition | 9.3 |
IBM recommends that you apply these fixes:
Product | VRMF | Remediation/First Fix |
---|---|---|
CICS Transaction Gateway for Multiplatforms, CICS Transaction Gateway Desktop Edition | 9.0 | PSIRT fixes for CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition 9.0 will be provided only for extended support customers, on request through a Salesforce case. |
CICS Transaction Gateway for Multiplatforms, CICS Transaction Gateway Desktop Edition | 9.1 | AIX: [Fix Central Link](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=8.0.8-CICSTG-AIXpSeries32-JRE-SR5&source=SAR); Linux on POWER Big Endian: Fix Central Link; Linux on Intel: Fix Central Link; Linux on IBM Z: Fix Central Link; Windows: Fix Central Link |
CICS Transaction Gateway for Multiplatforms, CICS Transaction Gateway Desktop Edition | 9.2 | AIX: Fix Central Link; Linux on POWER Big Endian: Fix Central Link; Linux on Intel: Fix Central Link; Linux on IBM Z: Fix Central Link; Windows: Fix Central Link |
CICS Transaction Gateway for Multiplatforms, CICS Transaction Gateway Desktop Edition | 9.3 | Linux on POWER Big Endian: Fix Central Link; Windows: Fix Central Link |
None
CPE
Name | Operator | Version |
---|---|---|
cics transaction gateway | eq | 9.0 |
cics transaction gateway | eq | 9.1 |
cics transaction gateway | eq | 9.2 |
cics transaction gateway | eq | 9.3 |