Authorization

2023-06-0801:15:00

PRIOn knowledge base

www.prio-n.com

ibm txseries

multiplatforms

authorization

session cookies

cookie theft

security attribute

http

link

cookie value

traffic snooping

3.5 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.

CPENameOperatorVersion
cics_txeq10.1
cics_txeq11.1
cics_txeq11.1
txseries_for_multiplatformeq8.1
txseries_for_multiplatformge8.2
txseries_for_multiplatformlt8.2.0.2
txseries_for_multiplatformge9.1
txseries_for_multiplatformlt9.1.0.2

Name	Operator	Version
cics_tx	eq	10.1
cics_tx	eq	11.1
cics_tx	eq	11.1
txseries_for_multiplatform	eq	8.1
txseries_for_multiplatform	ge	8.2
txseries_for_multiplatform	lt	8.2.0.2
txseries_for_multiplatform	ge	9.1
txseries_for_multiplatform	lt	9.1.0.2