46 matches found
CVE-2022-34309
CVE-2022-34309 affects IBM CICS TX Standard and Advanced 11.1. The vulnerability arises from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s advisories indicate that IBM CICS TX Standard and IBM CICS TX Advance...
CVE-2022-34310
The CVE-2022-34310 issue affects IBM CICS TX Standard and Advanced 11.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Public documents confirm affected products and versions (IBM CICS TX Standard and IBM CICS TX Advanced, 11....
CVE-2022-34318
CVE-2022-34318 concerns IBM CICS TX 11.1 (Standard/Advanced). A remote attacker could hijack a victim’s clicking action by steering them to a malicious Web site, potentially enabling further attacks. The vulnerability is documented across multiple sources (IBM X-Force ID 229461). Remediations men...
CVE-2023-33850
CVE-2023-33850 involves IBM GSKit-Crypto and a timing-based side channel in the RSA Decryption routine that could allow a remote attacker to obtain sensitive information. The connected IBM bulletins enumerate this CVE among others and indicate affected IBM products (e.g., a range of IBM Java/SDK/...
CVE-2022-34160
CVE-2022-34160 affects IBM CICS TX Standard and Advanced 11.1 (IBM CICS TX Standard and Advanced). The vulnerability is an HTML injection flaw in which remote attackers could inject HTML code that executes in the victim’s browser within the site’s security context. IBM references an X-Force ID (2...
CVE-2023-42027
CVE-2023-42027 affects IBM CICS TX Standard (11.1) and Advanced (10.1, 11.1) and TXSeries for Multiplatforms (8.1–9.1). The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to perform malicious actions on behalf of an authenticated user. Root cause and impact are ...
CVE-2023-38360
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting due to insufficient filtering/escaping of user-supplied data in the Web UI. This can allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediation/fix is availabl...
CVE-2023-38363
CVE-2023-38363 affects IBM CICS TX Advanced 10.1. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing an attacker to obtain cookie values by enticing a user to click an http:// link or by embedding the link on a site the user visits. The i...
CVE-2022-34306
IBM CICS TX Standard and Advanced (11.1) are affected by CVE-2022-34306 due to HTTP header injection caused by improper validation of HOST headers. This can enable cross-site scripting, cache poisoning, or session hijacking as described by IBM security bulletins. Remediation is to apply the inter...
CVE-2023-38362
IBM CICS TX Advanced 10.1 is affected by an information-disclosure vulnerability where observable differences in HTTP responses could expose sensitive data. The root cause is an observable discrepancy in HTTP responses that could be exploited by a remote attacker; CVSSv3.1 base score 5.3 (Medium)...
CVE-2023-38361
CVE-2023-38361 affects IBM CICS TX Advanced 10.1, where weaker cryptographic algorithms could let an attacker decrypt highly sensitive data. The issue is documented across multiple sources (IBM bulletin A557C..., X-Force 260770). Remediation is available: upgrade to the fixed IBM CICS TX Advanced...
CVE-2022-34162
IBM CICS TX 11.1 is affected by CVE-2022-34162 (clickjacking). IBM CICS TX Standard and IBM CICS TX Advanced (both 11.1) could allow a remote attacker to hijack a victim’s clicking actions by convincing the user to visit a malicious web page, potentially enabling further attacks. IBM references t...
CVE-2022-34166
CVE-2022-34166 affects IBM CICS TX Standard and IBM CICS TX Advanced (11.1). The issue is a cross-site scripting vulnerability allowing embedded arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM's advisories state the vulnerability is ...
CVE-2023-33847
IBM TXSeries for Multiplatforms (versions 8.1–9.1) and IBM CICS TX Standard/Advanced (TX Standard 11.1; TX Advanced 10.1–11.1) expose a vulnerability where authorization tokens and session cookies are issued without the Secure attribute. This allows an attacker to obtain cookie values by luring a...
CVE-2022-34164
IBM CICS TX 11.1 (Standard and Advanced) is affected by CVE-2022-34164 due to improper input validation that could allow a local user to impersonate another legitimate user. IBM bulletins confirm affected versions 11.1 and provide remediation by applying interim fixes (e.g., defects like 127640) ...
CVE-2022-34307
CVE-2022-34307 affects IBM CICS TX 11.1 across multiple SKUs (Standard/Advanced). The issue: authorization tokens and session cookies are sent without the Secure attribute, allowing a user’s cookie values to be exposed if they are lured to click an http:// link or view a site that reuses the inse...
CVE-2025-1329
CVE-2025-1329 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1. The root cause is failure to correctly handle DNS return requests by the gethostbyaddr function, allowing a local user to execute arbitrary code. Public sources in the connected documents confirm the impact is...
CVE-2022-33955
CVE-2022-33955 affects IBM CICS TX on 11.1 (Standard/Advanced) and is caused by a back-and-refresh attack that a person with physical access can exploit to execute code. IBM reports CVSS base score 4.3 (vector CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L); NVD lists a higher score (6.8) under CVS...
CVE-2022-34308
The CVE-2022-34308 entry relates to IBM CICS TX 11.1 and describes a local user denial-of-service due to improper load handling. Connected IBM security bulletins confirm affected products and versions: IBM CICS TX Standard and IBM CICS TX Advanced both list 11.1 as affected, with remediation stat...
CVE-2023-33846
CVE-2023-33846 affects IBM TXSeries for Multiplatforms (8.1, 8.2, 9.1) and IBM CICS TX Standard/Advanced (11.1, 10.1) with a cross-site scripting flaw in the Web UI that can let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure in a trusted session. Remediation...
CVE-2022-34167
CVE-2022-34167 affects IBM CICS TX Standard and IBM CICS TX Advanced (11.1). The vulnerability is a stored cross-site scripting flaw in the Web UI that allows embedding arbitrary JavaScript, potentially enabling credentials disclosure within a trusted session. Root cause: insufficient input valid...
CVE-2023-38364
CVE-2023-38364 affects IBM CICS TX Advanced 10.1. The vulnerability is a cross-site scripting (XSS) flaw arising from insufficient input handling in the Web UI, enabling an attacker to embed arbitrary JavaScript within a trusted session. The CVSS v3.1 base score is 6.1 (Network attack, user inter...
CVE-2024-41744
CVE-2024-41744 affects IBM CICS TX Standard Web UI (11.1). The Red Hat/IBM bulletin and NVD entries describe a Cross-Site Request Forgery (CSRF) flaw that could allow an attacker to induce unauthorized actions from a trusted user. Remediation guidance in the connected documents is to upgrade/patc...
CVE-2022-34161
CVE-2022-34161 affects IBM CICS TX 11.1 (Standard/Advanced). The vulnerability is a cross-site request forgery that could let an attacker perform malicious, unauthorized actions on behalf of a trusted user. IBM’s security bulletins confirm the issue and note fixes for CICS TX Standard/Advanced 11...
CVE-2022-34313
CVE-2022-34313 affects IBM CICS TX 11.1, where authorization tokens and session cookies are created without the secure attribute, enabling exposure of cookie values when users click on or load http:// links. The issue is documented across IBM advisories (Standard and Advanced) and external refere...
CVE-2022-34163
The CVE-2022-34163 issue affects IBM CICS TX Standard/Advanced 11.1. Root cause is improper validation of input in the HOST header, causing HTTP header injection that can enable cross-site scripting, cache poisoning, or session hijacking. IBM provides fixes for 11.1 (defect 127639) via interim up...
CVE-2022-34329
CVE-2022-34329 – IBM CICS TX 11.7 information disclosure . The available documents confirm a vulnerability in IBM CICS TX 11.7 where an attacker could obtain sensitive information from HTTP response headers. The CVSS baseline in the sources is 5.3 (MEDIUM) with network access, low confidentiality...
CVE-2023-33848
The CVE-2023-33848 issue affects IBM TXSeries for Multiplatforms (versions 8.1–9.1) and IBM CICS TX products, where enabling debug mode can let a privileged user obtain highly sensitive information. Affected components include IBM TXSeries for Multiplatforms and CICS TX Standard/Advanced (Standar...
CVE-2022-31767
CVE-2022-31767 affects IBM CICS TX Standard and Advanced 11.1, enabling remote arbitrary command execution via a specially crafted request. Root cause is a vulnerability in handling requests that allows code execution. The IBM security bulletins for Standard and Advanced 11.1 describe interim fix...
CVE-2022-34316
CVE-2022-34316 affects IBM CICS TX 11.1, where HTTP headers may not neutralize or may incorrectly neutralize web scripting syntax, potentially enabling abuse by components that process raw headers. Public details in IBM bulletins confirm the issue and cite IBM X-Force ID 229452. CVSS metrics plac...
CVE-2022-34320
CVE-2022-34320 affects IBM CICS TX 11.1. The vulnerability arises from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM references the X-Force ID 229464 and documents a remediation path: IBM CICS TX Standard/Advan...
CVE-2023-42031
Summary of CVE-2023-42031 (IBM TXSeries / CICS TX) : A denial-of-service vulnerability arises from uncontrolled resource consumption in IBM TXSeries for Multiplatforms (versions 8.1, 8.2, 9.1) and IBM CICS TX components (Standard 11.1; Advanced 10.1, 11.1). The root cause is improper input valida...
CVE-2022-34319
CVE-2022-34319 affects IBM CICS TX family: specifically IBM CICS TX 11.7 uses weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Connected documents also reference IBM CICS TX Standard/Advanced around version 11.1 and indicate fixes/remediations ...
CVE-2023-43018
CVE-2023-43018 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1/11.1, where an operation runs at a privilege level higher than the minimum required, potentially creating or amplifying weaknesses. Public details in connected sources confirm the affected products and versions, with n...
CVE-2022-34312
CVE-2022-34312 affects IBM CICS TX 11.1. The vulnerability allows web pages to be stored locally and read by another user on the same system, constituting an information disclosure. Affected products include IBM CICS TX Standard and IBM CICS TX Advanced (both 11.1). The issue’s base metrics show ...
CVE-2025-1331
IBM CICS TX code execution (CVE-2025-1331) affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1/11.1. Root cause: unsafe use of the gets function, enabling a local user to execute arbitrary code. CVSS v3.1 base score 7.8 (LOCAL, HIGH impacts; privileges/impact). Remediation: apply fixe...
CVE-2022-34317
IBM CICS TX 11.1 is affected by CVE-2022-34317, a cross-site scripting vulnerability in the Web UI that can permit arbitrary JavaScript execution and potentially credentials disclosure within a trusted session. Root cause: improper input handling in the Web UI. Impact is UI-level, with potential ...
CVE-2022-38705
IBM CICS TX 11.1 Standard and Advanced are affected by CVE-2022-38705 due to a reverse tabnabbing flaw that could let a remote attacker bypass security restrictions and redirect users to phishing sites. Affected products include IBM CICS TX Standard and IBM CICS TX Advanced (both 11.1). The IBM s...
CVE-2023-33849
CVE-2023-33849 affects IBM TXSeries for Multiplatforms (8.1–9.1) and IBM CICS TX variants (Standard 11.1, Advanced 10.1/11.1). The vulnerability enables transmission of highly sensitive information in query parameters that can be intercepted via man‑in‑the‑middle techniques. Impact is described a...
CVE-2023-42029
CVE-2023-42029 affects IBM CICS TX Standard 11.1, IBM CICS TX Advanced 10.1 and 11.1, and TXSeries for Multiplatforms 8.1–9.1. Issue: cross-site scripting in the Web UI that can embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Root cause: improper...
CVE-2024-41746
CVE-2024-41746 affects IBM CICS TX Advanced 10.1 and 11.1, and IBM CICS TX Standard 11.1. The Red Hat/IBM and CVE records consistently describe a stored cross-site scripting flaw in the Web UI that enables embedding of arbitrary JavaScript, potentially altering functionality and leading to creden...
CVE-2022-34315
IBM CICS TX 11.1 is affected by CVE-2022-34315, a cross-site scripting vulnerability that could allow embedding arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected products include IBM CICS TX Standard and Advanced (11.1). Remediation notes f...
CVE-2025-1330
CVE-2025-1330 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1. The vulnerability stems from improper handling of DNS return requests by the gethostbyname function, allowing a local user to execute arbitrary code on the system. Impact is described as a local code execution...
CVE-2024-41745
CVE-2024-41745 affects IBM CICS TX Standard Web UI with a cross-site scripting (XSS) vulnerability. An unauthenticated attacker can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM-issued guidance indicates the vulnerability is ...
CVE-2022-34314
The CVE-2022-34314 entry concerns IBM CICS TX 11.1, where insecure permission settings could disclose sensitive information to a local user. This is evidenced by multiple connected sources (IBM Security Bulletins for Standard and Advanced editions) indicating an information-disclosure vulnerabili...
CVE-2022-34311
CVE-2022-34311 affects IBM CICS TX Standard and IBM CICS TX Advanced 11.1. The issue allows a user with physical access to the web browser to gain access to the user’s session due to insufficiently protected credentials. CVSS v3 base score 4.3 (Attacker: Physical, Privileges Required: None, User ...