171 matches found
Security Bulletin: Vulnerability (CVE-2022-3676) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition
Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2022-3676 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway
Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22476...
Security Bulletin: Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 affecting CICS Transaction Gateway Desktop Edition
Summary There is a vulnerability which is related to HTTP injection in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 used by CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway Desktop Edition has...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 affects CICS Transaction Gateway
Summary There is a vulnerability which is related to identity spoofing in IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-22475...
Security Bulletin: Vulnerabilities (CVE-2022-21541 and CVE-2022-21540) in IBM Java Runtime affects CICS Transaction Gateway Desktop Editon
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway Desktop Editon. The fix removes vulnerabilities CVE-2022-21541 and CVE-2022-21540 that could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact...
Security Bulletin: Vulnerability (CVE-2021-2163) in IBM Java Runtime affects CICS Transaction Gateway Desktop Editon
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway Desktop Editon. The fix removes vulnerability CVE-2021-2163 that could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. Vulnerability Details...
Security Bulletin: Vulnerability (CVE-2022-3676) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition
Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2022-3676 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...
Security Bulletin: Vulnerability (CVE-2021-41041) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition
Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2021-41041 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypa...
Security Bulletin: Vulnerability (CVE-2021-2163) in IBM Java Runtime affects CICS Transaction Gateway
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-2163 that could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. Vulnerability Details CVEID:CVE-2021-2163...
Security Bulletin: Vulnerability (CVE-2021-28167) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition
Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2021-28167 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypa...
Security Bulletin: Vulnerability (CVE-2021-41041) in Eclipse Openj9 affects CICS Transaction Gateway
Summary Eclipse Openj9 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-41041 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...
Security Bulletin: Vulnerabilities (CVE-2022-21541 and CVE-2022-21540 ) in IBM Java Runtime affects CICS Transaction Gateway
Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway. The fix removes vulnerabilities CVE-2022-21541 and CVE-2022-21540 that can allow an unauthenticated attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2022-21541 DESCRIPTION: An unspecified...
CVE-2022-34318
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM...
IBM CICS TX 安全漏洞
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. A security vulnerability exists in IBM CICS TX version 11.1, which stems from the presence of a click-through operation that allows a remote attacker to hijack a victim's click-through...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service
Summary FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service, caused by a Java StackOverflow exception CVE-2020-36518. CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service and could provide weaker than expected security
Summary FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service CVE-2022-42004, CVE-2022-42003, CVE-2020-36518 and could provide weaker than expected security CVE-2020-25649. CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service
Summary jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service, caused by a stack-based buffer overflow CVE-2022-40149 and an out of memory flaw CVE-2022-40150. CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40149...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security
Summary FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security, caused by not having entity expansion secured properly CVE-2020-25649. CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION:...
CVE-2022-34317
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459...
CVE-2022-34316
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...