CVE-2023-33849

CWE-3113 documents3 sources

Severity

3.7LOW

EPSS

0.0%

top 85.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cics TX Advanced IBM Cics TX Standard IBM Txseries FOR Multiplatforms +1 more

Timeline

PublishedJun 7

Latest updateJun 8

Description

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5ibm/cics_tx_advanced10.1, 11.1

▶CVEListV5ibm/cics_tx_standard11.1

▶NVDibm/cics_tx10.1, 11.1+1

▶CVEListV5ibm/txseries_for_multiplatforms8.1, 8.2, 9.1

▶NVDibm/txseries8.1, 8.2, 9.1+2

🔴Vulnerability Details

GHSA

GHSA-7wpg-p8mw-fq9g: IBM TXSeries for Multiplatforms 8↗2023-06-08

▶

CVEList

IBM CICS TX information disclosure↗2023-06-07

▶