Insufficiently protected credentials in CICS Transaction Gateway - CVE-2023-50310

 

Insufficiently protected credentials in CICS Transaction Gateway - CVE-2023-50310

Published: April 23, 2024


Vulnerability identifier: #VU88898
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-50310
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
CICS Transaction Gateway

Detailed vulnerability description

The vulnerability allows a remote privileged user to gain access to other users' credentials.

The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.


How to mitigate CVE-2023-50310

Install updates from vendor's website.

Sources