Session Cookie Vulnerability in IBM CICS TX 11.1
CVE-2022-34307

4.3 MEDIUM

Key Information:

Vendor
IBM
CVE Published:
1 August 2022

Summary

IBM CICS TX 11.1 fails to apply the Secure attribute to authorization tokens and session cookies. This oversight potentially allows malicious actors to intercept cookie values through insecure HTTP links. By tricking users into visiting vulnerable sites or by sending them deceptive links, attackers can obtain sensitive session information, leading to unauthorized access and potential data breaches.
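The check below is an added example, not IBM's code or part of the original advisory: it audits the Set-Cookie headers of an HTTP response for session or token cookies that lack the Secure attribute. The cookie names, the name-matching hints and the sample headers are constructed assumptions, not values taken from CICS TX.

```python
from __future__ import annotations
from dataclasses import dataclass

# Name fragments treated as session/auth material (assumption for this example).
SENSITIVE_HINTS = ("session", "token", "auth")

@dataclass
class CookieFinding:
    name: str
    secure: bool
    httponly: bool
    sensitive: bool

def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie header value (simplified RFC 6265 attribute handling)."""
    pair, *attrs = header_value.split(";")
    name = pair.split("=", 1)[0].strip()
    # Attribute names are case-insensitive. Compare only the part before "=",
    # so a cookie value or a Path that merely contains "secure" does not match.
    attr_names = {a.split("=", 1)[0].strip().lower() for a in attrs}
    return CookieFinding(
        name=name,
        secure="secure" in attr_names,
        httponly="httponly" in attr_names,
        sensitive=any(h in name.lower() for h in SENSITIVE_HINTS),
    )

def audit_response(raw_headers: str) -> list[CookieFinding]:
    """Return the sensitive cookies that are set without the Secure attribute."""
    findings = []
    for line in raw_headers.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            cookie = parse_set_cookie(value.strip())
            if cookie.sensitive and not cookie.secure:
                findings.append(cookie)
    return findings

# Constructed sample response headers (not captured from CICS TX).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly
Set-Cookie: AuthToken=secure-looking-value; Path=/secure
set-cookie: SessionRef=xyz; Path=/; SECURE; HttpOnly
Set-Cookie: theme=dark; Path=/
"""

if __name__ == "__main__":
    for f in audit_response(SAMPLE):
        print(f"{f.name}: missing Secure (HttpOnly={f.httponly})")
```

HttpOnly is reported alongside each finding because it does not substitute for Secure: it blocks script access to the cookie but does not stop the browser from sending it over plain HTTP.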

Affected Version(s)

CICS TX Advanced 11.1

CICS TX Standard 11.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
