SB2022112102 - Multiple vulnerabilities in IBM CICS TX

Published: November 21, 2022 Updated: November 21, 2022

Security Bulletin ID SB2022112102
Severity
Low
Patch available
NO
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium: 25% (1 of 4)  Low: 75% (3 of 4)

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Configuration (CVE-ID: CVE-2022-34318)

The vulnerability allows a remote attacker to perform a clickjacking attack.

The vulnerability exists because the application does not set the HTTP response headers that protect it against clickjacking (an X-Frame-Options header or a Content-Security-Policy frame-ancestors directive), so its pages can be embedded in a frame on any origin. A remote attacker can trick the victim into visiting a malicious website that frames the application and hijack the victim's clicks.


2) Information disclosure (CVE-ID: CVE-2022-34312)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because IBM CICS TX stores web pages locally in an insecure manner. A local user can read the stored pages.


3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-34319)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists because IBM CICS TX uses weaker than expected cryptographic algorithms. A remote attacker positioned on the network path can perform a MitM attack against the affected connections.


4) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-ID: CVE-2022-34313)

The vulnerability allows a remote attacker to obtain sensitive cookie values.

The vulnerability exists because IBM CICS TX does not set the Secure attribute on authorization tokens or session cookies. A remote attacker can trick the victim into visiting the web application over plain HTTP; the browser then sends the cookies in cleartext, and the attacker can intercept their values.
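The following Python script is an added example, not code from this bulletin or from IBM. It audits a single HTTP response for the two header-level weaknesses described in items 1) and 4), missing clickjacking protection and session cookies issued over HTTPS without the Secure attribute, and shows the corrected header set. The sample response, the list of cookie names treated as sensitive (SENSITIVE_COOKIES) and all function names are assumptions made for illustration; nothing here is captured from or specific to IBM CICS TX.

```python
"""Header audit for clickjacking protection and cookie Secure attributes.
Added example; the sample response and names below are constructed."""
import email
from email.message import Message

# Constructed sample response: an HTTPS page that sets a session cookie
# without Secure and sends neither X-Frame-Options nor a CSP frame-ancestors
# directive.  Not a real capture.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: JSESSIONID=0A1B2C3D; Path=/; HttpOnly\r\n"
    b"Set-Cookie: theme=dark; Path=/\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

# Cookie names treated as session/authorization tokens (assumption).
SENSITIVE_COOKIES = {"jsessionid", "authorization", "token", "session"}


def parse_response(raw: bytes) -> Message:
    """Drop the status line and parse the header block with the stdlib RFC 822
    parser, which preserves repeated headers such as Set-Cookie."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    _status, _, header_block = head.partition(b"\r\n")
    return email.message_from_bytes(header_block)


def parse_set_cookie(value: str) -> tuple[str, set[str]]:
    """Return (cookie name, lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def clickjacking_findings(headers: Message) -> list[str]:
    """Flag a response that any origin may embed in a frame (item 1 above)."""
    xfo = (headers.get("X-Frame-Options") or "").strip().upper()
    csp = (headers.get("Content-Security-Policy") or "").lower()
    if xfo in {"DENY", "SAMEORIGIN"} or "frame-ancestors" in csp:
        return []
    return ["no X-Frame-Options DENY/SAMEORIGIN and no CSP frame-ancestors directive"]


def insecure_cookie_findings(headers: Message, over_https: bool = True) -> list[str]:
    """Flag sensitive cookies issued over HTTPS without Secure (item 4 above).
    Such a cookie is also sent on a plain http:// request to the same host."""
    findings: list[str] = []
    if not over_https:
        return findings
    for value in headers.get_all("Set-Cookie") or []:
        name, attrs = parse_set_cookie(value)
        if name.lower() in SENSITIVE_COOKIES and "secure" not in attrs:
            findings.append(f"cookie {name} lacks the Secure attribute")
    return findings


def hardened_headers(headers: Message) -> list[tuple[str, str]]:
    """Header lines a fixed response would carry: anti-framing headers plus every
    cookie re-issued with Secure (and HttpOnly for sensitive ones)."""
    out = [("X-Frame-Options", "DENY"),
           ("Content-Security-Policy", "frame-ancestors 'none'")]
    for value in headers.get_all("Set-Cookie") or []:
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            value += "; Secure"
        if name.lower() in SENSITIVE_COOKIES and "httponly" not in attrs:
            value += "; HttpOnly"
        out.append(("Set-Cookie", value))
    return out


def audit(raw: bytes = SAMPLE_RESPONSE) -> list[str]:
    """Run both checks over a raw response and return the findings in order."""
    headers = parse_response(raw)
    return clickjacking_findings(headers) + insecure_cookie_findings(headers)


if __name__ == "__main__":
    for finding in audit():
        print("FINDING:", finding)
    print("--- hardened headers ---")
    for name, value in hardened_headers(parse_response(SAMPLE_RESPONSE)):
        print(f"{name}: {value}")
```

Against the constructed sample the audit reports both weaknesses; replacing SAMPLE_RESPONSE with a response captured from a test instance (for example via `curl -si https://host/`) turns it into a quick regression check once a fix is deployed. Sending both X-Frame-Options and a frame-ancestors directive covers browsers that honour only one of the two mechanisms.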


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.