IBM CICS TX information disclosure
CVE-2023-33849

3.7LOW

Key Information:

Vendor: IBM
Status: TXSeries for Multiplatforms; CICS TX Standard; CICS TX Advanced
Vendor: CVE Published:; 7 June 2023

Summary

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

Affected Version(s)

CICS TX Advanced 10.1, 11.1

CICS TX Standard 11.1

TXSeries for Multiplatforms 8.1, 8.2, 9.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/257105

vdb-entry

https://www.ibm.com/support/pages/node/7001687

vendor-advisory

https://www.ibm.com/support/pages/node/7001697

vendor-advisory

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
May 23, 2023