#VU88899 Insufficiently protected credentials in CICS Transaction Gateway for Multiplatforms - CVE-2023-50311
Published: April 23, 2024
Vulnerability identifier: #VU88899
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-50311
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CICS Transaction Gateway for Multiplatforms
CICS Transaction Gateway for Multiplatforms
Software vendor:
IBM Corporation
IBM Corporation
Description
The vulnerability allows a remote privileged user to gain access to other users' credentials.
The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.
Remediation
Install updates from vendor's website.