CVE-2022-34307

CWE-311CWE-863Incorrect Authorization3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 70.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cics TX AdvancedIBM Cics TX StandardIBM Cics TX
Timeline
PublishedAug 1
Latest updateAug 2

Description

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDibm/cics_tx11.1
CVEListV5ibm/cics_tx_advanced11.1
CVEListV5ibm/cics_tx_standard11.1

Patches

Patch: www.ibm.comPatch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4jc6-946f-3mgf: IBM CICS TX 112022-08-02
CVEList
CVE-2022-34307: IBM CICS TX 112022-08-01
CVE-2022-34307 (MEDIUM CVSS 4.3) | IBM CICS TX 11.1 does not set the s | cvebase.io