Cics Tx@11.1 Security Vulnerabilities and Issues — Cics Tx@11.1 CVE List

Lucene search

IbmCics Tx11.1

32 matches found

CVE•added 2024/02/12 7:15 p.m.•3995 views

CVE-2022-34309

IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.

7.5CVSS5.5AI score0.00033EPSS

CVE•added 2022/12/12 1:15 p.m.•202 views

CVE-2022-34318

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-For...

6.1CVSS5.8AI score0.00045EPSS

CVE•added 2023/08/22 9:15 p.m.•168 views

CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive informatio...

7.5CVSS7.4AI score0.00034EPSS

CVE•added 2022/07/08 5:15 p.m.•92 views

CVE-2022-34160

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330.

5.8CVSS5.5AI score0.00299EPSS

CVE•added 2023/11/03 12:15 a.m.•84 views

CVE-2023-42027

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.

8.8CVSS6.4AI score0.0004EPSS

CVE•added 2022/07/08 5:15 p.m.•74 views

CVE-2022-34306

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...

5.5CVSS5.3AI score0.00414EPSS

CVE•added 2022/07/08 5:15 p.m.•67 views

CVE-2022-34166

IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430.

5.4CVSS5.2AI score0.00428EPSS

CVE•added 2022/08/01 4:15 p.m.•66 views

CVE-2022-34162

6.1CVSS6.1AI score0.00058EPSS

CVE•added 2022/08/01 4:15 p.m.•62 views

CVE-2022-34164

IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338.

5.9CVSS5.2AI score0.00019EPSS

CVE•added 2023/06/08 1:15 a.m.•60 views

CVE-2023-33847

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site ...

3.7CVSS3.4AI score0.00066EPSS

CVE•added 2022/08/01 4:15 p.m.•59 views

CVE-2022-34307

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can th...

4.3CVSS4.1AI score0.00045EPSS

CVE•added 2022/08/01 4:15 p.m.•58 views

CVE-2022-33955

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312.

6.8CVSS6.5AI score0.0006EPSS

CVE•added 2022/07/08 5:15 p.m.•57 views

CVE-2022-34167

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2294...

5.4CVSS5.1AI score0.00277EPSS

CVE•added 2022/10/07 5:15 p.m.•56 views

CVE-2022-34308

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.

6.2CVSS5.2AI score0.0002EPSS

CVE•added 2022/11/14 6:15 p.m.•56 views

CVE-2022-34313

4.3CVSS3.6AI score0.00086EPSS

CVE•added 2023/06/08 1:15 a.m.•56 views

CVE-2023-33846

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...

5.4CVSS5.2AI score0.00076EPSS

CVE•added 2022/08/01 4:15 p.m.•55 views

CVE-2022-34161

IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331.

8.8CVSS8.4AI score0.00048EPSS

CVE•added 2022/06/24 4:15 p.m.•53 views

CVE-2022-31767

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.

10CVSS9.4AI score0.01443EPSS

CVE•added 2022/08/01 4:15 p.m.•52 views

CVE-2022-34163

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333.

6.1CVSS6AI score0.00119EPSS

CVE•added 2023/06/07 9:15 p.m.•51 views

CVE-2023-33848

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a privileged user to obtain highly sensitive information by enabling debug mode. IBM X-Force ID: 257104.

6.5CVSS5.3AI score0.00055EPSS

CVE•added 2022/11/14 8:15 p.m.•50 views

CVE-2022-34320

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.

7.5CVSS6.3AI score0.0003EPSS

CVE•added 2022/11/14 6:15 p.m.•49 views

CVE-2022-38705

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.

6.1CVSS5.7AI score0.0003EPSS

CVE•added 2023/10/25 6:17 p.m.•49 views

CVE-2023-42031

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.

4.9CVSS4.9AI score0.00092EPSS

CVE•added 2022/11/14 6:15 p.m.•48 views

CVE-2022-34312

IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.

4CVSS3.2AI score0.00029EPSS

CVE•added 2023/11/03 12:15 a.m.•48 views

CVE-2023-42029

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

5.4CVSS5.2AI score0.00059EPSS

CVE•added 2022/11/14 7:15 p.m.•47 views

CVE-2022-34316

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

5.3CVSS4.5AI score0.00073EPSS

CVE•added 2022/11/14 8:15 p.m.•47 views

CVE-2022-34317

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.

5.4CVSS5.2AI score0.00103EPSS

CVE•added 2023/11/03 12:15 a.m.•47 views

CVE-2023-43018

IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.

7.5CVSS6.5AI score0.00037EPSS

CVE•added 2022/11/14 7:15 p.m.•46 views

CVE-2022-34315

5.4CVSS5.2AI score0.00151EPSS

CVE•added 2023/06/07 10:15 p.m.•44 views

CVE-2023-33849

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

3.7CVSS3.7AI score0.00046EPSS

CVE•added 2022/11/14 7:15 p.m.•41 views

CVE-2022-34314

IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.

4CVSS3.5AI score0.00026EPSS

CVE•added 2024/02/12 7:15 p.m.•35 views

CVE-2022-34311

IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.

4.3CVSS4.5AI score0.00034EPSS