IBM CICS TX cross-site scripting
CVE-2023-33846

5.4MEDIUM

Key Information:

Vendor
IBM
Status
TXSeries for Multiplatforms
CICS TX Standard
CICS TX Advanced
Vendor
CVE Published:
8 June 2023

Summary

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.

Affected Version(s)

CICS TX Advanced 10.1, 11.1

CICS TX Standard 11.1

TXSeries for Multiplatforms 8.1, 8.2, 9.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/257100
vdb-entry
https://www.ibm.com/support/pages/node/7001601
vendor-advisory
https://www.ibm.com/support/pages/node/7001629
vendor-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.