Cross-Site Scripting Vulnerability in CICS TX Advanced 10.1 Could Lead to Credentials Disclosure
CVE-2023-38360
6.1MEDIUM
Summary
IBM CICS TX Advanced 10.1 is susceptible to a cross-site scripting (XSS) vulnerability, allowing adversaries to inject arbitrary JavaScript code through the Web UI. This exploitation could disrupt the application’s intended operations and potentially expose user credentials during a trusted session. Users should assess their security posture and consider immediate mitigation strategies to safeguard sensitive data.
Affected Version(s)
CICS TX Advanced 10.1
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved