Lucene search

IbmVULNRICHMENT:CVE-2023-42029

HistoryNov 02, 2023 - 11:44 p.m.

CVE-2023-42029 IBM CICS TX cross-site scripting

2023-11-0223:44:23

CWE-79

ibm

github.com

ibm cics tx

standard 11.1

advanced 10.1

txseries for multiplatforms 8.1

8.2

9.1

cross-site scripting

web ui

credentials disclosure.

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.

References

exchange.xforce.ibmcloud.com/vulnerabilities/266059

www.ibm.com/support/pages/node/7063659

www.ibm.com/support/pages/node/7063663