IBM CICS Transaction Gateway Vulnerability: Authentication Credentials at Risk
CVE-2023-50310

7.5HIGH

Key Information:

Vendor: IBM
Status: Cics Transaction Gateway For Multiplatforms
Vendor: CVE Published:; 23 October 2024

What is CVE-2023-50310?

The vulnerability associated with IBM CICS Transaction Gateway for Multiplatforms versions 9.2 and 9.3 relates to the insecure transmission and storage of authentication credentials. This method puts user data at risk as it can be intercepted or retrieved by unauthorized entities. By failing to implement secure practices in handling sensitive information, the gateway exposes systems to potential breaches and attacks, necessitating immediate attention to ensure robust security measures are implemented.

Affected Version(s)

CICS Transaction Gateway for Multiplatforms 9.2, 9.3

References

https://www.ibm.com/support/pages/node/7145418

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024
Vulnerability Reserved
Dec 7, 2023