Stored Cross-Site Scripting Vulnerability in IBM CICS TX
CVE-2022-34167

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Cics Tx Standard
Cics Tx Advanced
Vendor
CVE Published:
8 July 2022

Summary

IBM CICS TX Standard and Advanced 11.1 are vulnerable to stored cross-site scripting, allowing attackers to inject arbitrary JavaScript code through the Web UI. This manipulation can alter the intended functionality of the application, potentially leading to the disclosure of sensitive user credentials during a trusted session. Organizations using affected versions are advised to assess their security posture and apply necessary mitigations to protect against this vulnerability.

Affected Version(s)

CICS TX Advanced 11.1

CICS TX Standard 11.1

References

https://www.ibm.com/support/pages/node/6601655
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6601657
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/229432
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.