Search criteria
138 vulnerabilities found for cics_tx by ibm
FKIE_CVE-2025-1331
Vulnerability from fkie_nvd - Published: 2025-05-08 22:15 - Updated: 2025-06-05 14:29
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232923 | Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232924 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_1:*:*:standard:*:*:*",
"matchCriteriaId": "02FE1FD1-BEB7-485B-8C4F-69BB0B364800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_10:*:*:standard:*:*:*",
"matchCriteriaId": "1EBA5FE4-2B16-4D6E-A52E-5614110E45C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_11:*:*:standard:*:*:*",
"matchCriteriaId": "3FB7C53F-5384-4042-ABBE-AA255D96D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_12:*:*:standard:*:*:*",
"matchCriteriaId": "6196BF21-4784-4847-AEED-0B5F3749A07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_13:*:*:standard:*:*:*",
"matchCriteriaId": "1F0D1169-6A66-4588-9BB7-B3898BF6306A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_14:*:*:standard:*:*:*",
"matchCriteriaId": "7E7D1F83-B8B4-4710-A824-82FEE0DD7B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_15:*:*:standard:*:*:*",
"matchCriteriaId": "F4353747-B2A2-44CF-BD15-A0FC108C71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_16:*:*:standard:*:*:*",
"matchCriteriaId": "D1ACC485-4989-4ADC-9923-35908C4E63D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_17:*:*:standard:*:*:*",
"matchCriteriaId": "F410DA77-7FB6-47F4-97A7-AF3D725AF694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_18:*:*:standard:*:*:*",
"matchCriteriaId": "0147202F-5060-4B63-9914-9C18834E7F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_19:*:*:standard:*:*:*",
"matchCriteriaId": "ACA1A661-525E-4BA0-8AEC-C8DB13F56289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_2:*:*:standard:*:*:*",
"matchCriteriaId": "630F214B-71DD-426B-94A7-656F300B51D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_20:*:*:standard:*:*:*",
"matchCriteriaId": "92756083-B2B5-471A-B15D-F6DD13F5E7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_21:*:*:standard:*:*:*",
"matchCriteriaId": "B2962EF0-F3B6-4ED6-93C0-802905B8BB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_22:*:*:standard:*:*:*",
"matchCriteriaId": "63D2829D-7115-48DB-9365-9A2FF0138F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_23:*:*:standard:*:*:*",
"matchCriteriaId": "D3A879A0-BAE4-4715-8C0D-80F03106536C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_24:*:*:standard:*:*:*",
"matchCriteriaId": "3C8FB5E7-BF3F-44AE-890E-0E67D4EF6605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_3:*:*:standard:*:*:*",
"matchCriteriaId": "6164818E-D76D-4B89-B97A-837D204B765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_4:*:*:standard:*:*:*",
"matchCriteriaId": "B15AA178-3D88-42AD-8714-67B53900766C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_5:*:*:standard:*:*:*",
"matchCriteriaId": "4096B83E-4FE3-44EE-AD25-F3C3CA8FD5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_6:*:*:standard:*:*:*",
"matchCriteriaId": "01459EE9-70B4-4009-97A5-6CF02D846BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_7:*:*:standard:*:*:*",
"matchCriteriaId": "4B79D8FE-7F05-44D0-AF61-1A66459FC154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_8:*:*:standard:*:*:*",
"matchCriteriaId": "30520211-E2D2-4885-B4D3-ACF92523BC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_9:*:*:standard:*:*:*",
"matchCriteriaId": "67835C0E-A8A6-40CE-801F-79AC3E61E854",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
},
{
"lang": "es",
"value": "IBM CICS TX Standard 11.1 e IBM CICS TX Advanced 10.1 y 11.1 podr\u00edan permitir que un usuario local ejecute c\u00f3digo arbitrario en el sistema debido al uso inseguro de la funci\u00f3n gets."
}
],
"id": "CVE-2025-1331",
"lastModified": "2025-06-05T14:29:03.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-05-08T22:15:18.320",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-242"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-1330
Vulnerability from fkie_nvd - Published: 2025-05-08 22:15 - Updated: 2025-06-05 14:29
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232923 | Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232924 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_1:*:*:standard:*:*:*",
"matchCriteriaId": "02FE1FD1-BEB7-485B-8C4F-69BB0B364800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_10:*:*:standard:*:*:*",
"matchCriteriaId": "1EBA5FE4-2B16-4D6E-A52E-5614110E45C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_11:*:*:standard:*:*:*",
"matchCriteriaId": "3FB7C53F-5384-4042-ABBE-AA255D96D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_12:*:*:standard:*:*:*",
"matchCriteriaId": "6196BF21-4784-4847-AEED-0B5F3749A07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_13:*:*:standard:*:*:*",
"matchCriteriaId": "1F0D1169-6A66-4588-9BB7-B3898BF6306A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_14:*:*:standard:*:*:*",
"matchCriteriaId": "7E7D1F83-B8B4-4710-A824-82FEE0DD7B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_15:*:*:standard:*:*:*",
"matchCriteriaId": "F4353747-B2A2-44CF-BD15-A0FC108C71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_16:*:*:standard:*:*:*",
"matchCriteriaId": "D1ACC485-4989-4ADC-9923-35908C4E63D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_17:*:*:standard:*:*:*",
"matchCriteriaId": "F410DA77-7FB6-47F4-97A7-AF3D725AF694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_18:*:*:standard:*:*:*",
"matchCriteriaId": "0147202F-5060-4B63-9914-9C18834E7F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_19:*:*:standard:*:*:*",
"matchCriteriaId": "ACA1A661-525E-4BA0-8AEC-C8DB13F56289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_2:*:*:standard:*:*:*",
"matchCriteriaId": "630F214B-71DD-426B-94A7-656F300B51D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_20:*:*:standard:*:*:*",
"matchCriteriaId": "92756083-B2B5-471A-B15D-F6DD13F5E7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_21:*:*:standard:*:*:*",
"matchCriteriaId": "B2962EF0-F3B6-4ED6-93C0-802905B8BB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_22:*:*:standard:*:*:*",
"matchCriteriaId": "63D2829D-7115-48DB-9365-9A2FF0138F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_23:*:*:standard:*:*:*",
"matchCriteriaId": "D3A879A0-BAE4-4715-8C0D-80F03106536C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_24:*:*:standard:*:*:*",
"matchCriteriaId": "3C8FB5E7-BF3F-44AE-890E-0E67D4EF6605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_3:*:*:standard:*:*:*",
"matchCriteriaId": "6164818E-D76D-4B89-B97A-837D204B765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_4:*:*:standard:*:*:*",
"matchCriteriaId": "B15AA178-3D88-42AD-8714-67B53900766C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_5:*:*:standard:*:*:*",
"matchCriteriaId": "4096B83E-4FE3-44EE-AD25-F3C3CA8FD5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_6:*:*:standard:*:*:*",
"matchCriteriaId": "01459EE9-70B4-4009-97A5-6CF02D846BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_7:*:*:standard:*:*:*",
"matchCriteriaId": "4B79D8FE-7F05-44D0-AF61-1A66459FC154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_8:*:*:standard:*:*:*",
"matchCriteriaId": "30520211-E2D2-4885-B4D3-ACF92523BC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_9:*:*:standard:*:*:*",
"matchCriteriaId": "67835C0E-A8A6-40CE-801F-79AC3E61E854",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function."
},
{
"lang": "es",
"value": "IBM CICS TX Standard 11.1 e IBM CICS TX Advanced 10.1 y 11.1 podr\u00edan permitir que un usuario local ejecute c\u00f3digo arbitrario en el sistema debido a una falla en el manejo de las solicitudes de retorno de DNS por parte de la funci\u00f3n gethostbyname."
}
],
"id": "CVE-2025-1330",
"lastModified": "2025-06-05T14:29:17.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-05-08T22:15:18.173",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-1329
Vulnerability from fkie_nvd - Published: 2025-05-08 22:15 - Updated: 2025-06-05 14:30
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232923 | Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232924 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| ibm | cics_tx | 11.1.0.0 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_1:*:*:standard:*:*:*",
"matchCriteriaId": "02FE1FD1-BEB7-485B-8C4F-69BB0B364800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_10:*:*:standard:*:*:*",
"matchCriteriaId": "1EBA5FE4-2B16-4D6E-A52E-5614110E45C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_11:*:*:standard:*:*:*",
"matchCriteriaId": "3FB7C53F-5384-4042-ABBE-AA255D96D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_12:*:*:standard:*:*:*",
"matchCriteriaId": "6196BF21-4784-4847-AEED-0B5F3749A07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_13:*:*:standard:*:*:*",
"matchCriteriaId": "1F0D1169-6A66-4588-9BB7-B3898BF6306A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_14:*:*:standard:*:*:*",
"matchCriteriaId": "7E7D1F83-B8B4-4710-A824-82FEE0DD7B80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_15:*:*:standard:*:*:*",
"matchCriteriaId": "F4353747-B2A2-44CF-BD15-A0FC108C71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_16:*:*:standard:*:*:*",
"matchCriteriaId": "D1ACC485-4989-4ADC-9923-35908C4E63D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_17:*:*:standard:*:*:*",
"matchCriteriaId": "F410DA77-7FB6-47F4-97A7-AF3D725AF694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_18:*:*:standard:*:*:*",
"matchCriteriaId": "0147202F-5060-4B63-9914-9C18834E7F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_19:*:*:standard:*:*:*",
"matchCriteriaId": "ACA1A661-525E-4BA0-8AEC-C8DB13F56289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_2:*:*:standard:*:*:*",
"matchCriteriaId": "630F214B-71DD-426B-94A7-656F300B51D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_20:*:*:standard:*:*:*",
"matchCriteriaId": "92756083-B2B5-471A-B15D-F6DD13F5E7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_21:*:*:standard:*:*:*",
"matchCriteriaId": "B2962EF0-F3B6-4ED6-93C0-802905B8BB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_22:*:*:standard:*:*:*",
"matchCriteriaId": "63D2829D-7115-48DB-9365-9A2FF0138F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_23:*:*:standard:*:*:*",
"matchCriteriaId": "D3A879A0-BAE4-4715-8C0D-80F03106536C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_24:*:*:standard:*:*:*",
"matchCriteriaId": "3C8FB5E7-BF3F-44AE-890E-0E67D4EF6605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_3:*:*:standard:*:*:*",
"matchCriteriaId": "6164818E-D76D-4B89-B97A-837D204B765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_4:*:*:standard:*:*:*",
"matchCriteriaId": "B15AA178-3D88-42AD-8714-67B53900766C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_5:*:*:standard:*:*:*",
"matchCriteriaId": "4096B83E-4FE3-44EE-AD25-F3C3CA8FD5B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_6:*:*:standard:*:*:*",
"matchCriteriaId": "01459EE9-70B4-4009-97A5-6CF02D846BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_7:*:*:standard:*:*:*",
"matchCriteriaId": "4B79D8FE-7F05-44D0-AF61-1A66459FC154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_8:*:*:standard:*:*:*",
"matchCriteriaId": "30520211-E2D2-4885-B4D3-ACF92523BC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_9:*:*:standard:*:*:*",
"matchCriteriaId": "67835C0E-A8A6-40CE-801F-79AC3E61E854",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the \n\ngethostbyaddr \n\n function."
},
{
"lang": "es",
"value": "IBM CICS TX Standard 11.1 e IBM CICS TX Advanced 10.1 y 11.1 podr\u00edan permitir que un usuario local ejecute c\u00f3digo arbitrario en el sistema debido a una falla en el manejo de las solicitudes de retorno de DNS por parte de la funci\u00f3n gethostbyaddr."
}
],
"id": "CVE-2025-1329",
"lastModified": "2025-06-05T14:30:37.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-05-08T22:15:17.163",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-41746
Vulnerability from fkie_nvd - Published: 2025-01-16 18:15 - Updated: 2025-08-14 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7171873 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:advanced:*:*:*",
"matchCriteriaId": "E9A6DBF4-1669-4157-BC29-47BDBECC02C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM CICS TX Advanced 10.1, 11.1 y Standard 11.1 son vulnerables a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2024-41746",
"lastModified": "2025-08-14T17:15:34.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-16T18:15:22.863",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7171873"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41745
Vulnerability from fkie_nvd - Published: 2024-11-01 17:15 - Updated: 2024-11-14 20:35
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7174576 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": " IBM CICS TX Standard es vulnerable a ataques de cross site scripting. Esta vulnerabilidad permite que un atacante no autenticado incorpore c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2024-41745",
"lastModified": "2024-11-14T20:35:33.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2024-11-01T17:15:16.800",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7174576"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-41744
Vulnerability from fkie_nvd - Published: 2024-11-01 17:15 - Updated: 2025-06-18 18:17
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7174576 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | cics_tx | 11.1.0.0 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
},
{
"lang": "es",
"value": "IBM CICS TX Standard 11.1 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web conf\u00eda."
}
],
"id": "CVE-2024-41744",
"lastModified": "2025-06-18T18:17:55.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-01T17:15:16.567",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7174576"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-38360
Vulnerability from fkie_nvd - Published: 2024-03-04 18:15 - Updated: 2025-01-07 21:23
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769."
},
{
"lang": "es",
"value": "IBM CICS TX Advanced 10.1 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 260769."
}
],
"id": "CVE-2023-38360",
"lastModified": "2025-01-07T21:23:43.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-04T18:15:08.743",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260769"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7066435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7066435"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-38362
Vulnerability from fkie_nvd - Published: 2024-03-04 16:15 - Updated: 2025-01-07 21:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814."
},
{
"lang": "es",
"value": "IBM CICS TX Advanced 10.1 podr\u00eda revelar informaci\u00f3n confidencial a un atacante remoto debido a una discrepancia observable en las respuestas HTTP. ID de IBM X-Force: 260814."
}
],
"id": "CVE-2023-38362",
"lastModified": "2025-01-07T21:24:06.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-04T16:15:49.130",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260814"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7066430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://https://www.ibm.com/support/pages/node/7066430"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34311
Vulnerability from fkie_nvd - Published: 2024-02-12 19:15 - Updated: 2024-11-21 07:09
Severity ?
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user\u0027s session due to insufficiently protected credentials. IBM X-Force ID: 229446."
},
{
"lang": "es",
"value": "IBM CICS TX Standard y Advanced 11.1 podr\u00edan permitir que un usuario con acceso f\u00edsico al navegador web obtenga acceso a la sesi\u00f3n del usuario debido a que las credenciales no est\u00e1n suficientemente protegidas. ID de IBM X-Force: 229446."
}
],
"id": "CVE-2022-34311",
"lastModified": "2024-11-21T07:09:16.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-12T19:15:09.080",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229446"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832928"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832930"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-34309
Vulnerability from fkie_nvd - Published: 2024-02-12 19:15 - Updated: 2024-11-21 07:09
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440."
},
{
"lang": "es",
"value": "IBM CICS TX Standard y Advanced 11.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 229440."
}
],
"id": "CVE-2022-34309",
"lastModified": "2024-11-21T07:09:16.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-12T19:15:08.837",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832814"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832918"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-34310
Vulnerability from fkie_nvd - Published: 2024-02-12 18:15 - Updated: 2024-11-21 07:09
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/229441 | VDB Entry, Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6832922 | Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6832924 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/229441 | VDB Entry, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6832922 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6832924 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:cics_tx:*:*:*:*:standard:*:*:*",
"matchCriteriaId": "CD9B46EE-E9B5-4F1A-A4FC-1C3136A82700",
"versionEndExcluding": "11.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:advanced:*:*:*",
"matchCriteriaId": "E9A6DBF4-1669-4157-BC29-47BDBECC02C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:-:*:*:standard:*:*:*",
"matchCriteriaId": "2E54DF77-511D-4C8A-88B0-3ABB4E232273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_1:*:*:advanced:*:*:*",
"matchCriteriaId": "5E4B7AA4-0215-4B55-B0A5-B6988113539F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_1:*:*:standard:*:*:*",
"matchCriteriaId": "02FE1FD1-BEB7-485B-8C4F-69BB0B364800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_2:*:*:advanced:*:*:*",
"matchCriteriaId": "6958A7A8-E530-49AD-B303-75EE267D2835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_2:*:*:standard:*:*:*",
"matchCriteriaId": "630F214B-71DD-426B-94A7-656F300B51D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_3:*:*:advanced:*:*:*",
"matchCriteriaId": "8C50DC0C-B29C-4E51-A0BF-E2F105607999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_3:*:*:standard:*:*:*",
"matchCriteriaId": "6164818E-D76D-4B89-B97A-837D204B765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_4:*:*:advanced:*:*:*",
"matchCriteriaId": "B84371E5-1F26-4259-BC53-35E1831F68E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cics_tx:11.1.0.0:interim_fix_4:*:*:standard:*:*:*",
"matchCriteriaId": "B15AA178-3D88-42AD-8714-67B53900766C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441."
},
{
"lang": "es",
"value": "IBM CICS TX Standard y Advanced 11.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 229441."
}
],
"id": "CVE-2022-34310",
"lastModified": "2024-11-21T07:09:16.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-12T18:15:07.830",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229441"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832922"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832924"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
CVE-2025-1331 (GCVE-0-2025-1331)
Vulnerability from cvelistv5 – Published: 2025-05-08 21:55 – Updated: 2025-08-28 14:19
VLAI?
Title
IBM CICS TX code execution
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function.
Severity ?
7.8 (High)
CWE
- CWE-242 - Use of Inherently Dangerous Function
Assigner
References
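| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232923 | vendor-advisory, patch |
| https://www.ibm.com/support/pages/node/7232924 | vendor-advisory, patch |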
Impacted products
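| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Standard | Affected: 11.1 — `cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*` |
| IBM | CICS TX Advanced | Affected: 10.1, 11.1 — `cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*`, `cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*` |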
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T03:55:12.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u0026nbsp;could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
}
],
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-242",
"description": "CWE-242 Use of Inherently Dangerous Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:19:41.668Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1331",
"datePublished": "2025-05-08T21:55:41.116Z",
"dateReserved": "2025-02-15T00:10:22.206Z",
"dateUpdated": "2025-08-28T14:19:41.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1330 (GCVE-0-2025-1330)
Vulnerability from cvelistv5 – Published: 2025-05-08 21:54 – Updated: 2025-08-28 14:19
VLAI?
Title
IBM CICS TX code execution
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
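| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232923 | vendor-advisory, patch |
| https://www.ibm.com/support/pages/node/7232924 | vendor-advisory, patch |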
Impacted products
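| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Standard | Affected: 11.1 — `cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*` |
| IBM | CICS TX Advanced | Affected: 10.1, 11.1 — `cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*`, `cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*` |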
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T03:55:10.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u0026nbsp; could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function."
}
],
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:19:02.544Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1330",
"datePublished": "2025-05-08T21:54:42.271Z",
"dateReserved": "2025-02-15T00:10:21.346Z",
"dateUpdated": "2025-08-28T14:19:02.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1329 (GCVE-0-2025-1329)
Vulnerability from cvelistv5 – Published: 2025-05-08 21:53 – Updated: 2025-08-28 14:18
VLAI?
Title
IBM CICS TX code execution
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
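| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232923 | vendor-advisory, patch |
| https://www.ibm.com/support/pages/node/7232924 | vendor-advisory, patch |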
Impacted products
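| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Standard | Affected: 11.1 — `cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*` |
| IBM | CICS TX Advanced | Affected: 10.1, 11.1 — `cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*`, `cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*` |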
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T03:55:09.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egethostbyaddr \u003c/span\u003e\n\n function."
}
],
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the \n\ngethostbyaddr \n\n function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:18:29.768Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1329",
"datePublished": "2025-05-08T21:53:48.475Z",
"dateReserved": "2025-02-15T00:10:20.672Z",
"dateUpdated": "2025-08-28T14:18:29.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41746 (GCVE-0-2024-41746)
Vulnerability from cvelistv5 – Published: 2025-01-16 17:13 – Updated: 2025-01-16 19:02
VLAI?
Title
IBM CICS TX cross-site scripting
Summary
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7171873 | vendor-advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Advanced | Affected: 10.1, 11.1 cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:*:*:* cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:*:*:* cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:* |
| IBM | CICS TX Standard | Affected: 11.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:02:35.735122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:02:43.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:*:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:*:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1, 11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T17:13:53.888Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7171873"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41746",
"datePublished": "2025-01-16T17:13:53.888Z",
"dateReserved": "2024-07-22T12:02:18.445Z",
"dateUpdated": "2025-01-16T19:02:43.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41744 (GCVE-0-2024-41744)
Vulnerability from cvelistv5 – Published: 2024-11-01 16:53 – Updated: 2024-11-01 17:22
VLAI?
Title
IBM CICS TX Standard cross-site request forgery
Summary
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity ?
6.5 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF) (assigned in the CISA-ADP container; the CNA problem type repeats the summary text instead of naming a CWE)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T17:19:16.770246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T17:22:23.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"value": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T16:53:32.755Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174576"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX Standard cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41744",
"datePublished": "2024-11-01T16:53:32.755Z",
"dateReserved": "2024-07-22T12:02:18.444Z",
"dateUpdated": "2024-11-01T17:22:23.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41745 (GCVE-0-2024-41745)
Vulnerability from cvelistv5 – Published: 2024-11-01 16:48 – Updated: 2024-11-01 17:23
VLAI?
Title
IBM CICS TX Standard cross-site scripting
Summary
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T17:23:48.304431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T17:23:58.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T16:48:49.374Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174576"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX Standard cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41745",
"datePublished": "2024-11-01T16:48:49.374Z",
"dateReserved": "2024-07-22T12:02:18.445Z",
"dateUpdated": "2024-11-01T17:23:58.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38360 (GCVE-0-2023-38360)
Vulnerability from cvelistv5 – Published: 2024-03-04 18:05 – Updated: 2024-08-02 17:39
VLAI?
Title
IBM CICS TX cross-site scripting
Summary
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7066435 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/260769 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Advanced |
Affected:
10.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:23:22.006351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:17.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7066435"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769."
}
],
"value": "IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T18:05:16.269Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7066435"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260769"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38360",
"datePublished": "2024-03-04T18:05:16.269Z",
"dateReserved": "2023-07-16T00:53:13.213Z",
"dateUpdated": "2024-08-02T17:39:12.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38362 (GCVE-0-2023-38362)
Vulnerability from cvelistv5 – Published: 2024-03-04 15:56 – Updated: 2024-08-02 17:39
VLAI?
Title
IBM CICS TX information disclosure
Summary
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7066430 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/260814 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Advanced |
Affected:
10.1
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cics_tx",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "10.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:04:14.537781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:04:52.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7066430"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814."
}
],
"value": "IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T15:56:12.254Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7066430"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38362",
"datePublished": "2024-03-04T15:56:12.254Z",
"dateReserved": "2023-07-16T00:53:13.213Z",
"dateUpdated": "2024-08-02T17:39:12.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34309 (GCVE-0-2022-34309)
Vulnerability from cvelistv5 – Published: 2024-02-12 19:06 – Updated: 2024-08-03 09:07
VLAI?
Title
IBM CICS TX information disclosure
Summary
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
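| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6832814 | vendor-advisory |
| https://www.ibm.com/support/pages/node/6832918 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/229440 | vdb-entry |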
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Standard | Affected: 11.1 |
| IBM | CICS TX Advanced | Affected: 11.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T15:29:40.852971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:50.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:15.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6832814"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6832918"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440."
}
],
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T19:06:07.762Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832814"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832918"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-34309",
"datePublished": "2024-02-12T19:06:07.762Z",
"dateReserved": "2022-06-22T15:44:19.309Z",
"dateUpdated": "2024-08-03T09:07:15.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34311 (GCVE-0-2022-34311)
Vulnerability from cvelistv5 – Published: 2024-02-12 18:12 – Updated: 2025-05-06 18:45
VLAI?
Title
IBM CICS TX session fixation
Summary
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.
Severity ?
4.3 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
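| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6832930 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/229446 | vdb-entry |
| https://www.ibm.com/support/pages/node/6832928 | vendor-advisory |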
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Standard | Affected: 11.1 |
| IBM | CICS TX Advanced | Affected: 11.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6832930"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229446"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6832928"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T20:55:30.685451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T18:45:29.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user\u0027s session due to insufficiently protected credentials. IBM X-Force ID: 229446."
}
],
"value": "IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user\u0027s session due to insufficiently protected credentials. IBM X-Force ID: 229446."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T18:12:26.359Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832930"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229446"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832928"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX session fixation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-34311",
"datePublished": "2024-02-12T18:12:26.359Z",
"dateReserved": "2022-06-22T15:44:19.310Z",
"dateUpdated": "2025-05-06T18:45:29.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1331 (GCVE-0-2025-1331)
Vulnerability from nvd – Published: 2025-05-08 21:55 – Updated: 2025-08-28 14:19
VLAI?
Title
IBM CICS TX code execution
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function.
Severity ?
7.8 (High)
CWE
- CWE-242 - Use of Inherently Dangerous Function
Assigner
References
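| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232923 | vendor-advisory, patch |
| https://www.ibm.com/support/pages/node/7232924 | vendor-advisory, patch |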
Impacted products
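| Vendor | Product | Version |
|---|---|---|
| IBM | CICS TX Standard | Affected: 11.1 cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:* |
| IBM | CICS TX Advanced | Affected: 10.1, 11.1 cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:* cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:* |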
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T03:55:12.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u0026nbsp;could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
}
],
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-242",
"description": "CWE-242 Use of Inherently Dangerous Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:19:41.668Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1331",
"datePublished": "2025-05-08T21:55:41.116Z",
"dateReserved": "2025-02-15T00:10:22.206Z",
"dateUpdated": "2025-08-28T14:19:41.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1330 (GCVE-0-2025-1330)
Vulnerability from nvd – Published: 2025-05-08 21:54 – Updated: 2025-08-28 14:19
VLAI?
Title
IBM CICS TX code execution
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
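| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232923 | vendor-advisory, patch |
| https://www.ibm.com/support/pages/node/7232924 | vendor-advisory, patch |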
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T03:55:10.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u0026nbsp; could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function."
}
],
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:19:02.544Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1330",
"datePublished": "2025-05-08T21:54:42.271Z",
"dateReserved": "2025-02-15T00:10:21.346Z",
"dateUpdated": "2025-08-28T14:19:02.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1329 (GCVE-0-2025-1329)
Vulnerability from nvd – Published: 2025-05-08 21:53 – Updated: 2025-08-28 14:18
VLAI?
Title
IBM CICS TX code execution
Summary
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
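| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7232923 | vendor-advisory, patch |
| https://www.ibm.com/support/pages/node/7232924 | vendor-advisory, patch |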
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T03:55:09.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:linux:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:linux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egethostbyaddr \u003c/span\u003e\n\n function."
}
],
"value": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the \n\ngethostbyaddr \n\n function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:18:29.768Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232923"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232924"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \u003cbr\u003e\u003cbr\u003eIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central. \u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by downloading and applying the below fix. \n\nIBM CICS TX Standard 11.1 Linux Download and apply the fix from Fix Central."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1329",
"datePublished": "2025-05-08T21:53:48.475Z",
"dateReserved": "2025-02-15T00:10:20.672Z",
"dateUpdated": "2025-08-28T14:18:29.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41746 (GCVE-0-2024-41746)
Vulnerability from nvd – Published: 2025-01-16 17:13 – Updated: 2025-01-16 19:02
VLAI?
Title
IBM CICS TX cross-site scripting
Summary
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
7.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7171873 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | CICS TX Advanced |
Affected:
10.1, 11.1
cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:*:*:* cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:*:*:* cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:02:35.735122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:02:43.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1.0.0:*:*:*:advanced:*:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:advanced:*:*:*",
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1, 11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u003c/span\u003e"
}
],
"value": "IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T17:13:53.888Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7171873"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41746",
"datePublished": "2025-01-16T17:13:53.888Z",
"dateReserved": "2024-07-22T12:02:18.445Z",
"dateUpdated": "2025-01-16T19:02:43.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41744 (GCVE-0-2024-41744)
Vulnerability from nvd – Published: 2024-11-01 16:53 – Updated: 2024-11-01 17:22
VLAI?
Title
IBM CICS TX Standard cross-site request forgery
Summary
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity ?
6.5 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF) (assigned in the CISA-ADP container; the CNA problem type is free text without a CWE ID)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T17:19:16.770246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T17:22:23.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"value": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T16:53:32.755Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174576"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX Standard cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41744",
"datePublished": "2024-11-01T16:53:32.755Z",
"dateReserved": "2024-07-22T12:02:18.444Z",
"dateUpdated": "2024-11-01T17:22:23.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41745 (GCVE-0-2024-41745)
Vulnerability from nvd – Published: 2024-11-01 16:48 – Updated: 2024-11-01 17:23
VLAI?
Title
IBM CICS TX Standard cross-site scripting
Summary
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T17:23:48.304431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T17:23:58.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:11.1.0.0:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T16:48:49.374Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174576"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX Standard cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41745",
"datePublished": "2024-11-01T16:48:49.374Z",
"dateReserved": "2024-07-22T12:02:18.445Z",
"dateUpdated": "2024-11-01T17:23:58.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38360 (GCVE-0-2023-38360)
Vulnerability from nvd – Published: 2024-03-04 18:05 – Updated: 2024-08-02 17:39
VLAI?
Title
IBM CICS TX cross-site scripting
Summary
IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7066435 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/260769 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Advanced |
Affected:
10.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:23:22.006351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:17.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7066435"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769."
}
],
"value": "IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260769."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T18:05:16.269Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7066435"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260769"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38360",
"datePublished": "2024-03-04T18:05:16.269Z",
"dateReserved": "2023-07-16T00:53:13.213Z",
"dateUpdated": "2024-08-02T17:39:12.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38362 (GCVE-0-2023-38362)
Vulnerability from nvd – Published: 2024-03-04 15:56 – Updated: 2024-08-02 17:39
VLAI?
Title
IBM CICS TX information disclosure
Summary
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Response Discrepancy Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | CICS TX Advanced |
Affected:
10.1
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cics_tx",
"vendor": "ibm",
"versions": [
{
"status": "affected",
"version": "10.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T21:04:14.537781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T21:04:52.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:12.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7066430"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814."
}
],
"value": "IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-04T15:56:12.254Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7066430"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260814"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38362",
"datePublished": "2024-03-04T15:56:12.254Z",
"dateReserved": "2023-07-16T00:53:13.213Z",
"dateUpdated": "2024-08-02T17:39:12.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34309 (GCVE-0-2022-34309)
Vulnerability from nvd – Published: 2024-02-12 19:06 – Updated: 2024-08-03 09:07
VLAI?
Title
IBM CICS TX information disclosure
Summary
IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.
Severity ?
5.9 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
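| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6832814 | vendor-advisory |
| https://www.ibm.com/support/pages/node/6832918 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/229440 | vdb-entry |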
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | CICS TX Standard |
Affected:
11.1
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T15:29:40.852971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:50.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:15.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6832814"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6832918"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CICS TX Standard",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CICS TX Advanced",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440."
}
],
"value": "IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T19:06:07.762Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832814"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6832918"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229440"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM CICS TX information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-34309",
"datePublished": "2024-02-12T19:06:07.762Z",
"dateReserved": "2022-06-22T15:44:19.309Z",
"dateUpdated": "2024-08-03T09:07:15.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}