CVE-2014-3042
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
85.9%
IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an invalid 3270 data stream.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cics_transaction_server | - | cpe:2.3:a:ibm:cics_transaction_server:-:-:-:*:-:z\/os:*:* |
| ibm | cics_transaction_server | 3.1 | cpe:2.3:a:ibm:cics_transaction_server:3.1:-:-:*:-:z\/os:*:* |
| ibm | cics_transaction_server | 3.2 | cpe:2.3:a:ibm:cics_transaction_server:3.2:-:-:*:*:z\/os:*:* |
| ibm | cics_transaction_server | 4.1 | cpe:2.3:a:ibm:cics_transaction_server:4.1:-:-:*:-:z\/os:*:* |
| ibm | cics_transaction_server | 5.1 | cpe:2.3:a:ibm:cics_transaction_server:5.1:-:-:*:-:z\/os:*:* |
References
secunia.com/advisories/59242
www-01.ibm.com/support/docview.wss?uid=swg1PI16710
www-01.ibm.com/support/docview.wss?uid=swg1PI16726
www-01.ibm.com/support/docview.wss?uid=swg1PI16727
www-01.ibm.com/support/docview.wss?uid=swg21675195
www.securityfocus.com/bid/67944
exchange.xforce.ibmcloud.com/vulnerabilities/93338
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
85.9%