CVE-2022-31767OS Command Injection in IBM Cics TX

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.9%
top 16.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cics TXIBM Cics TX AdvancedIBM Cics TX Standard
Timeline
PublishedJun 24
Latest updateJun 25

Description

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5ibm/cics_tx_advanced11.1
CVEListV5ibm/cics_tx_standard11.1
NVDibm/cics_tx< 11.1+1

🔴Vulnerability Details

2
GHSA
GHSA-9g73-3qvv-vx92: IBM CICS TX Standard and Advanced 112022-06-25
CVEList
CVE-2022-31767: IBM CICS TX Standard and Advanced 112022-06-24
CVE-2022-31767 — OS Command Injection in IBM Cics TX | cvebase