Lucene search
+L
IbmCics Tx

46 matches found

cve
cve
added 2024/02/12 7:6 p.m.4016 views

CVE-2022-34309

CVE-2022-34309 affects IBM CICS TX Standard and Advanced 11.1. The vulnerability arises from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s advisories indicate that IBM CICS TX Standard and IBM CICS TX Advance...

7.5CVSS5.5AI score0.00486EPSS
cve
cve
added 2024/02/12 5:46 p.m.3975 views

CVE-2022-34310

The CVE-2022-34310 issue affects IBM CICS TX Standard and Advanced 11.1, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Public documents confirm affected products and versions (IBM CICS TX Standard and IBM CICS TX Advanced, 11....

7.5CVSS5.5AI score0.00486EPSS
cve
cve
added 2022/11/14 7:4 p.m.222 views

CVE-2022-34318

CVE-2022-34318 concerns IBM CICS TX 11.1 (Standard/Advanced). A remote attacker could hijack a victim’s clicking action by steering them to a malicious Web site, potentially enabling further attacks. The vulnerability is documented across multiple sources (IBM X-Force ID 229461). Remediations men...

6.1CVSS5.8AI score0.00614EPSS
cve
cve
added 2023/08/22 8:31 p.m.200 views

CVE-2023-33850

CVE-2023-33850 involves IBM GSKit-Crypto and a timing-based side channel in the RSA Decryption routine that could allow a remote attacker to obtain sensitive information. The connected IBM bulletins enumerate this CVE among others and indicate affected IBM products (e.g., a range of IBM Java/SDK/...

7.5CVSS7.4AI score0.00855EPSS
cve
cve
added 2022/07/08 5:0 p.m.109 views

CVE-2022-34160

CVE-2022-34160 affects IBM CICS TX Standard and Advanced 11.1 (IBM CICS TX Standard and Advanced). The vulnerability is an HTML injection flaw in which remote attackers could inject HTML code that executes in the victim’s browser within the site’s security context. IBM references an X-Force ID (2...

5.8CVSS5.5AI score0.01049EPSS
cve
cve
added 2023/11/02 11:40 p.m.101 views

CVE-2023-42027

CVE-2023-42027 affects IBM CICS TX Standard (11.1) and Advanced (10.1, 11.1) and TXSeries for Multiplatforms (8.1–9.1). The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to perform malicious actions on behalf of an authenticated user. Root cause and impact are ...

8.8CVSS6.4AI score0.00291EPSS
cve
cve
added 2024/03/04 6:5 p.m.93 views

CVE-2023-38360

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting due to insufficient filtering/escaping of user-supplied data in the Web UI. This can allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Remediation/fix is availabl...

6.1CVSS5.8AI score0.00317EPSS
cve
cve
added 2023/11/13 1:24 a.m.92 views

CVE-2023-38363

CVE-2023-38363 affects IBM CICS TX Advanced 10.1. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing an attacker to obtain cookie values by enticing a user to click an http:// link or by embedding the link on a site the user visits. The i...

4.3CVSS4.1AI score0.00569EPSS
cve
cve
added 2022/07/08 5:0 p.m.90 views

CVE-2022-34306

IBM CICS TX Standard and Advanced (11.1) are affected by CVE-2022-34306 due to HTTP header injection caused by improper validation of HOST headers. This can enable cross-site scripting, cache poisoning, or session hijacking as described by IBM security bulletins. Remediation is to apply the inter...

5.5CVSS5.3AI score0.00693EPSS
cve
cve
added 2024/03/04 3:56 p.m.90 views

CVE-2023-38362

IBM CICS TX Advanced 10.1 is affected by an information-disclosure vulnerability where observable differences in HTTP responses could expose sensitive data. The root cause is an observable discrepancy in HTTP responses that could be exploited by a remote attacker; CVSSv3.1 base score 5.3 (Medium)...

5.3CVSS4.9AI score0.0047EPSS
cve
cve
added 2023/11/18 5:24 p.m.87 views

CVE-2023-38361

CVE-2023-38361 affects IBM CICS TX Advanced 10.1, where weaker cryptographic algorithms could let an attacker decrypt highly sensitive data. The issue is documented across multiple sources (IBM bulletin A557C..., X-Force 260770). Remediation is available: upgrade to the fixed IBM CICS TX Advanced...

7.5CVSS6.3AI score0.00426EPSS
cve
cve
added 2022/08/01 3:40 p.m.81 views

CVE-2022-34162

IBM CICS TX 11.1 is affected by CVE-2022-34162 (clickjacking). IBM CICS TX Standard and IBM CICS TX Advanced (both 11.1) could allow a remote attacker to hijack a victim’s clicking actions by convincing the user to visit a malicious web page, potentially enabling further attacks. IBM references t...

6.1CVSS6.1AI score0.00708EPSS
cve
cve
added 2022/07/08 5:0 p.m.80 views

CVE-2022-34166

CVE-2022-34166 affects IBM CICS TX Standard and IBM CICS TX Advanced (11.1). The issue is a cross-site scripting vulnerability allowing embedded arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM's advisories state the vulnerability is ...

5.4CVSS5.2AI score0.00691EPSS
cve
cve
added 2023/06/08 12:35 a.m.80 views

CVE-2023-33847

IBM TXSeries for Multiplatforms (versions 8.1–9.1) and IBM CICS TX Standard/Advanced (TX Standard 11.1; TX Advanced 10.1–11.1) expose a vulnerability where authorization tokens and session cookies are issued without the Secure attribute. This allows an attacker to obtain cookie values by luring a...

3.7CVSS3.4AI score0.00628EPSS
cve
cve
added 2022/08/01 3:41 p.m.79 views

CVE-2022-34164

IBM CICS TX 11.1 (Standard and Advanced) is affected by CVE-2022-34164 due to improper input validation that could allow a local user to impersonate another legitimate user. IBM bulletins confirm affected versions 11.1 and provide remediation by applying interim fixes (e.g., defects like 127640) ...

5.9CVSS5.2AI score0.00216EPSS
cve
cve
added 2022/08/01 3:41 p.m.79 views

CVE-2022-34307

CVE-2022-34307 affects IBM CICS TX 11.1 across multiple SKUs (Standard/Advanced). The issue: authorization tokens and session cookies are sent without the Secure attribute, allowing a user’s cookie values to be exposed if they are lured to click an http:// link or view a site that reuses the inse...

4.3CVSS4.1AI score0.00459EPSS
cve
cve
added 2025/05/08 9:53 p.m.78 views

CVE-2025-1329

CVE-2025-1329 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1. The root cause is failure to correctly handle DNS return requests by the gethostbyaddr function, allowing a local user to execute arbitrary code. Public sources in the connected documents confirm the impact is...

7.8CVSS7.4AI score0.00228EPSS
cve
cve
added 2022/08/01 3:40 p.m.74 views

CVE-2022-33955

CVE-2022-33955 affects IBM CICS TX on 11.1 (Standard/Advanced) and is caused by a back-and-refresh attack that a person with physical access can exploit to execute code. IBM reports CVSS base score 4.3 (vector CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L); NVD lists a higher score (6.8) under CVS...

6.8CVSS6.5AI score0.00534EPSS
cve
cve
added 2022/10/07 5:0 p.m.73 views

CVE-2022-34308

The CVE-2022-34308 entry relates to IBM CICS TX 11.1 and describes a local user denial-of-service due to improper load handling. Connected IBM security bulletins confirm affected products and versions: IBM CICS TX Standard and IBM CICS TX Advanced both list 11.1 as affected, with remediation stat...

6.2CVSS5.2AI score0.0021EPSS
cve
cve
added 2023/06/08 12:39 a.m.73 views

CVE-2023-33846

CVE-2023-33846 affects IBM TXSeries for Multiplatforms (8.1, 8.2, 9.1) and IBM CICS TX Standard/Advanced (11.1, 10.1) with a cross-site scripting flaw in the Web UI that can let an attacker embed arbitrary JavaScript, potentially leading to credentials disclosure in a trusted session. Remediation...

5.4CVSS5.2AI score0.0051EPSS
cve
cve
added 2022/07/08 5:0 p.m.71 views

CVE-2022-34167

CVE-2022-34167 affects IBM CICS TX Standard and IBM CICS TX Advanced (11.1). The vulnerability is a stored cross-site scripting flaw in the Web UI that allows embedding arbitrary JavaScript, potentially enabling credentials disclosure within a trusted session. Root cause: insufficient input valid...

5.4CVSS5.1AI score0.00691EPSS
cve
cve
added 2023/11/13 1:47 a.m.71 views

CVE-2023-38364

CVE-2023-38364 affects IBM CICS TX Advanced 10.1. The vulnerability is a cross-site scripting (XSS) flaw arising from insufficient input handling in the Web UI, enabling an attacker to embed arbitrary JavaScript within a trusted session. The CVSS v3.1 base score is 6.1 (Network attack, user inter...

6.1CVSS5.8AI score0.00451EPSS
cve
cve
added 2024/11/01 4:53 p.m.71 views

CVE-2024-41744

CVE-2024-41744 affects IBM CICS TX Standard Web UI (11.1). The Red Hat/IBM bulletin and NVD entries describe a Cross-Site Request Forgery (CSRF) flaw that could allow an attacker to induce unauthorized actions from a trusted user. Remediation guidance in the connected documents is to upgrade/patc...

8.8CVSS6.5AI score0.00193EPSS
cve
cve
added 2022/08/01 3:40 p.m.68 views

CVE-2022-34161

CVE-2022-34161 affects IBM CICS TX 11.1 (Standard/Advanced). The vulnerability is a cross-site request forgery that could let an attacker perform malicious, unauthorized actions on behalf of a trusted user. IBM’s security bulletins confirm the issue and note fixes for CICS TX Standard/Advanced 11...

8.8CVSS8.4AI score0.00383EPSS
cve
cve
added 2022/11/14 5:5 p.m.68 views

CVE-2022-34313

CVE-2022-34313 affects IBM CICS TX 11.1, where authorization tokens and session cookies are created without the secure attribute, enabling exposure of cookie values when users click on or load http:// links. The issue is documented across IBM advisories (Standard and Advanced) and external refere...

4.3CVSS3.6AI score0.006EPSS
cve
cve
added 2022/08/01 3:41 p.m.67 views

CVE-2022-34163

The CVE-2022-34163 issue affects IBM CICS TX Standard/Advanced 11.1. Root cause is improper validation of input in the HOST header, causing HTTP header injection that can enable cross-site scripting, cache poisoning, or session hijacking. IBM provides fixes for 11.1 (defect 127639) via interim up...

6.1CVSS6AI score0.00583EPSS
cve
cve
added 2022/11/14 5:34 p.m.67 views

CVE-2022-34329

CVE-2022-34329 – IBM CICS TX 11.7 information disclosure . The available documents confirm a vulnerability in IBM CICS TX 11.7 where an attacker could obtain sensitive information from HTTP response headers. The CVSS baseline in the sources is 5.3 (MEDIUM) with network access, low confidentiality...

5.3CVSS4.9AI score0.00673EPSS
cve
cve
added 2023/06/07 8:13 p.m.66 views

CVE-2023-33848

The CVE-2023-33848 issue affects IBM TXSeries for Multiplatforms (versions 8.1–9.1) and IBM CICS TX products, where enabling debug mode can let a privileged user obtain highly sensitive information. Affected components include IBM TXSeries for Multiplatforms and CICS TX Standard/Advanced (Standar...

6.5CVSS5.3AI score0.00795EPSS
cve
cve
added 2022/06/24 3:35 p.m.65 views

CVE-2022-31767

CVE-2022-31767 affects IBM CICS TX Standard and Advanced 11.1, enabling remote arbitrary command execution via a specially crafted request. Root cause is a vulnerability in handling requests that allows code execution. The IBM security bulletins for Standard and Advanced 11.1 describe interim fix...

10CVSS9.4AI score0.0469EPSS
cve
cve
added 2022/11/14 6:47 p.m.65 views

CVE-2022-34316

CVE-2022-34316 affects IBM CICS TX 11.1, where HTTP headers may not neutralize or may incorrectly neutralize web scripting syntax, potentially enabling abuse by components that process raw headers. Public details in IBM bulletins confirm the issue and cite IBM X-Force ID 229452. CVSS metrics plac...

5.3CVSS4.5AI score0.00642EPSS
cve
cve
added 2022/11/14 7:27 p.m.65 views

CVE-2022-34320

CVE-2022-34320 affects IBM CICS TX 11.1. The vulnerability arises from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM references the X-Force ID 229464 and documents a remediation path: IBM CICS TX Standard/Advan...

7.5CVSS6.3AI score0.00486EPSS
cve
cve
added 2023/10/24 5:50 p.m.65 views

CVE-2023-42031

Summary of CVE-2023-42031 (IBM TXSeries / CICS TX) : A denial-of-service vulnerability arises from uncontrolled resource consumption in IBM TXSeries for Multiplatforms (versions 8.1, 8.2, 9.1) and IBM CICS TX components (Standard 11.1; Advanced 10.1, 11.1). The root cause is improper input valida...

4.9CVSS4.9AI score0.01026EPSS
cve
cve
added 2022/11/14 5:23 p.m.64 views

CVE-2022-34319

CVE-2022-34319 affects IBM CICS TX family: specifically IBM CICS TX 11.7 uses weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Connected documents also reference IBM CICS TX Standard/Advanced around version 11.1 and indicate fixes/remediations ...

7.5CVSS6.3AI score0.00478EPSS
cve
cve
added 2023/11/02 11:48 p.m.64 views

CVE-2023-43018

CVE-2023-43018 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1/11.1, where an operation runs at a privilege level higher than the minimum required, potentially creating or amplifying weaknesses. Public details in connected sources confirm the affected products and versions, with n...

7.5CVSS6.5AI score0.00448EPSS
cve
cve
added 2022/11/14 5:49 p.m.63 views

CVE-2022-34312

CVE-2022-34312 affects IBM CICS TX 11.1. The vulnerability allows web pages to be stored locally and read by another user on the same system, constituting an information disclosure. Affected products include IBM CICS TX Standard and IBM CICS TX Advanced (both 11.1). The issue’s base metrics show ...

4CVSS3.2AI score0.00208EPSS
cve
cve
added 2025/05/08 9:55 p.m.63 views

CVE-2025-1331

IBM CICS TX code execution (CVE-2025-1331) affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1/11.1. Root cause: unsafe use of the gets function, enabling a local user to execute arbitrary code. CVSS v3.1 base score 7.8 (LOCAL, HIGH impacts; privileges/impact). Remediation: apply fixe...

7.8CVSS7.5AI score0.00228EPSS
cve
cve
added 2022/11/14 7:10 p.m.62 views

CVE-2022-34317

IBM CICS TX 11.1 is affected by CVE-2022-34317, a cross-site scripting vulnerability in the Web UI that can permit arbitrary JavaScript execution and potentially credentials disclosure within a trusted session. Root cause: improper input handling in the Web UI. Impact is UI-level, with potential ...

5.4CVSS5.2AI score0.00493EPSS
cve
cve
added 2022/11/14 5:56 p.m.62 views

CVE-2022-38705

IBM CICS TX 11.1 Standard and Advanced are affected by CVE-2022-38705 due to a reverse tabnabbing flaw that could let a remote attacker bypass security restrictions and redirect users to phishing sites. Affected products include IBM CICS TX Standard and IBM CICS TX Advanced (both 11.1). The IBM s...

6.1CVSS5.7AI score0.00667EPSS
cve
cve
added 2023/06/07 9:24 p.m.62 views

CVE-2023-33849

CVE-2023-33849 affects IBM TXSeries for Multiplatforms (8.1–9.1) and IBM CICS TX variants (Standard 11.1, Advanced 10.1/11.1). The vulnerability enables transmission of highly sensitive information in query parameters that can be intercepted via man‑in‑the‑middle techniques. Impact is described a...

3.7CVSS3.7AI score0.00379EPSS
cve
cve
added 2023/11/02 11:44 p.m.62 views

CVE-2023-42029

CVE-2023-42029 affects IBM CICS TX Standard 11.1, IBM CICS TX Advanced 10.1 and 11.1, and TXSeries for Multiplatforms 8.1–9.1. Issue: cross-site scripting in the Web UI that can embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted session. Root cause: improper...

5.4CVSS5.2AI score0.0041EPSS
cve
cve
added 2025/01/16 5:13 p.m.62 views

CVE-2024-41746

CVE-2024-41746 affects IBM CICS TX Advanced 10.1 and 11.1, and IBM CICS TX Standard 11.1. The Red Hat/IBM and CVE records consistently describe a stored cross-site scripting flaw in the Web UI that enables embedding of arbitrary JavaScript, potentially altering functionality and leading to creden...

7.2CVSS6.3AI score0.00228EPSS
cve
cve
added 2022/11/14 6:18 p.m.60 views

CVE-2022-34315

IBM CICS TX 11.1 is affected by CVE-2022-34315, a cross-site scripting vulnerability that could allow embedding arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected products include IBM CICS TX Standard and Advanced (11.1). Remediation notes f...

5.4CVSS5.2AI score0.00493EPSS
cve
cve
added 2025/05/08 9:54 p.m.59 views

CVE-2025-1330

CVE-2025-1330 affects IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1. The vulnerability stems from improper handling of DNS return requests by the gethostbyname function, allowing a local user to execute arbitrary code on the system. Impact is described as a local code execution...

7.8CVSS7.8AI score0.00228EPSS
cve
cve
added 2024/11/01 4:48 p.m.56 views

CVE-2024-41745

CVE-2024-41745 affects IBM CICS TX Standard Web UI with a cross-site scripting (XSS) vulnerability. An unauthenticated attacker can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM-issued guidance indicates the vulnerability is ...

6.1CVSS6AI score0.00258EPSS
cve
cve
added 2022/11/14 6:38 p.m.54 views

CVE-2022-34314

The CVE-2022-34314 entry concerns IBM CICS TX 11.1, where insecure permission settings could disclose sensitive information to a local user. This is evidenced by multiple connected sources (IBM Security Bulletins for Standard and Advanced editions) indicating an information-disclosure vulnerabili...

4CVSS3.5AI score0.00177EPSS
cve
cve
added 2024/02/12 6:12 p.m.53 views

CVE-2022-34311

CVE-2022-34311 affects IBM CICS TX Standard and IBM CICS TX Advanced 11.1. The issue allows a user with physical access to the web browser to gain access to the user’s session due to insufficiently protected credentials. CVSS v3 base score 4.3 (Attacker: Physical, Privileges Required: None, User ...

4.3CVSS4.5AI score0.00359EPSS