HTML Injection Vulnerability in IBM CICS TX Standard and Advanced Products
CVE-2022-34160

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Cics Tx Advanced
Cics Tx Standard
Vendor
CVE Published:
8 July 2022

What is CVE-2022-34160?

IBM CICS TX Standard and Advanced 11.1 is susceptible to an HTML injection flaw that allows remote attackers to inject malicious HTML code. When users access compromised content, this code executes within their web browser's security context of the hosting site, potentially leading to unauthorized actions and data exposure.

Affected Version(s)

CICS TX Advanced 11.1

CICS TX Standard 11.1

References

https://www.ibm.com/support/pages/node/6601553
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6601555
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/229330
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.