Insufficiently protected credentials in IBM CICS TX Standard
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-34311 |
| CWE-ID | CWE-522 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
IBM CICS TX Standard Universal components / Libraries / Software for developers |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Insufficiently protected credentials
EUVDB-ID: #VU81260
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-34311
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker with physical access to gain access to user's session.
The vulnerability exists due to insufficiently protected credentials. A remote attacker with physical access can gain unauthorized access to user's session.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3 External linkshttps://www.ibm.com/support/pages/node/6832928
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
