Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption
CVE-2022-34310

7.5HIGH

Key Information:

Vendor: IBM
Status: Cics Tx Standard; Cics Tx Advanced
Vendor: CVE Published:; 12 February 2024

Summary

IBM CICS TX Standard and Advanced version 11.1 exhibits a vulnerability due to the use of cryptographic algorithms that do not meet security expectations. This could potentially allow adversaries to decrypt highly sensitive information, posing significant risks to data integrity and confidentiality. Organizations utilizing these products should be aware of the implications and consider necessary security measures to mitigate potential threats. For further details and official recommendations, refer to IBM's advisories.

Affected Version(s)

CICS TX Advanced 11.1

CICS TX Standard 11.1

References

https://www.ibm.com/support/pages/node/6832922

vendor-advisory

https://www.ibm.com/support/pages/node/6832924

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/229441

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Jun 22, 2022