Main Vulnerability Database Vulnerabilities #VU88898

#VU88898 Insufficiently protected credentials in CICS Transaction Gateway - CVE-2023-50310

Published: April 23, 2024

Vulnerability identifier: #VU88898

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-50310

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
CICS Transaction Gateway

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote privileged user to gain access to other users' credentials.

The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7145418

#VU88898 Insufficiently protected credentials in CICS Transaction Gateway - CVE-2023-50310

Description

Remediation

External links

Please verify you're human