3 matches found
Security Bulletin: IBM CICS TX Standard is vulnerable to attackers being able to get cookie values (CVE-2022-34307).
Summary IBM CICS TX could allow attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. The fix...
Security Bulletin: IBM CICS TX Advanced is vulnerable to attackers being able to get cookie values (CVE-2022-34307).
Summary IBM CICS TX could allow attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. The fix...
CVE-2022-34307
CVE-2022-34307 affects IBM CICS TX 11.1 across multiple SKUs (Standard/Advanced). The issue: authorization tokens and session cookies are sent without the Secure attribute, allowing a user’s cookie values to be exposed if they are lured to click an http:// link or view a site that reuses the inse...