cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41746,https://securityvulnerability.io/vulnerability/CVE-2024-41746,Stored Cross-Site Scripting Vulnerability in IBM CICS TX,"IBM CICS TX, specifically versions Advanced 10.1, 11.1, and Standard 11.1, exposes a security flaw that permits attackers to inject arbitrary JavaScript code into the Web UI. This stored cross-site scripting vulnerability could compromise user sessions, potentially leading to the unauthorized disclosure of user credentials by altering the application's intended functionality, creating a significant security risk for users.",IBM,"Cics Tx Advanced,Cics Tx Standard",7.2,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-16T17:13:53.888Z,0
CVE-2024-41744,https://securityvulnerability.io/vulnerability/CVE-2024-41744,IBM CICS TX Standard 11.1 Vulnerable to Cross-Site Request Forgery,IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,IBM,Cics Tx Standard,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-01T16:53:32.755Z,0
CVE-2024-41745,https://securityvulnerability.io/vulnerability/CVE-2024-41745,CICS TX Standard vulnerable to Cross-Site Scripting,IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Cics Tx Standard,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-01T16:48:49.374Z,0
CVE-2023-38360,https://securityvulnerability.io/vulnerability/CVE-2023-38360,Cross-Site Scripting Vulnerability in CICS TX Advanced 10.1 Could Lead to Credentials Disclosure,"IBM CICS TX Advanced 10.1 is susceptible to a cross-site scripting (XSS) vulnerability, allowing adversaries to inject arbitrary JavaScript code through the Web UI. This exploitation could disrupt the application’s intended operations and potentially expose user credentials during a trusted session. Users should assess their security posture and consider immediate mitigation strategies to safeguard sensitive data.",IBM,Cics Tx Advanced,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-04T18:05:16.269Z,0
CVE-2023-38362,https://securityvulnerability.io/vulnerability/CVE-2023-38362,CICS TX Advanced 10.1 Vulnerability Could Leak Sensitive Information,"A vulnerability exists in IBM CICS TX Advanced 10.1 that may allow remote attackers to gain unauthorized access to sensitive information through observable discrepancies in HTTP responses. This issue could lead to the exposure of critical data, which can be leveraged for further attacks or unauthorized actions. Ensuring the integrity and confidentiality of HTTP responses is essential for maintaining a secure environment and protecting against potential data breaches.",IBM,Cics Tx Advanced,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-04T15:56:12.254Z,0
CVE-2022-34309,https://securityvulnerability.io/vulnerability/CVE-2022-34309,Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption,"IBM CICS TX Standard and Advanced 11.1 has been identified with vulnerabilities stemming from the use of cryptographic algorithms that do not meet expected security standards. These weaknesses may allow attackers to decrypt sensitive information, posing a risk to data integrity. Organizations utilizing these IBM products are encouraged to review their security configurations and implement stronger cryptographic measures to safeguard against unauthorized data access.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-12T19:06:07.762Z,0
CVE-2022-34311,https://securityvulnerability.io/vulnerability/CVE-2022-34311,Insufficiently Protected Credentials Could Lead to User Session Access,"A vulnerability exists in IBM CICS TX Standard and Advanced 11.1 that may allow an attacker with physical access to a web browser to exploit insufficiently protected user credentials, potentially gaining unauthorized access to a user's session. This flaw emphasizes the necessity for robust session management practices and adequate protection measures for user credentials in web applications to mitigate the risk of unauthorized access.",IBM,"Cics Tx Standard,Cics Tx Advanced",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-12T18:12:26.359Z,0
CVE-2022-34310,https://securityvulnerability.io/vulnerability/CVE-2022-34310,Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption,"IBM CICS TX Standard and Advanced version 11.1 exhibits a vulnerability due to the use of cryptographic algorithms that do not meet security expectations. This could potentially allow adversaries to decrypt highly sensitive information, posing significant risks to data integrity and confidentiality. Organizations utilizing these products should be aware of the implications and consider necessary security measures to mitigate potential threats. For further details and official recommendations, refer to IBM's advisories.",IBM,"Cics Tx Standard,Cics Tx Advanced",7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-12T17:46:44.982Z,0
CVE-2023-38361,https://securityvulnerability.io/vulnerability/CVE-2023-38361,IBM CICS TX Advanced information disclosure,"IBM CICS TX Advanced 10.1 employs cryptographic algorithms that do not meet expected security standards, potentially enabling attackers to decrypt sensitive information. This vulnerability raises significant concerns regarding data integrity and confidentiality within impacted systems.",IBM,CICS TX Advanced,7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-11-18T18:15:00.000Z,0
CVE-2023-38364,https://securityvulnerability.io/vulnerability/CVE-2023-38364,IBM CICS TX Advanced cross-site scripting,IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821.,IBM,Cics Tx Advanced,6.1,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-13T02:15:00.000Z,0
CVE-2023-38363,https://securityvulnerability.io/vulnerability/CVE-2023-38363,IBM CICS TX information disclosure,"IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.",IBM,Cics Tx Advanced,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-13T02:15:00.000Z,0
CVE-2023-42029,https://securityvulnerability.io/vulnerability/CVE-2023-42029,IBM CICS TX cross-site scripting,"IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.",IBM,"Cics Tx Standard,Cics Tx Advanced,Txseries For Multiplatforms",4.8,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42027,https://securityvulnerability.io/vulnerability/CVE-2023-42027,IBM CICS TX cross-site request forgery,"IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.",IBM,"Cics Tx Standard,Cics Tx Advanced,Txseries For Multiplatforms",4.3,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-43018,https://securityvulnerability.io/vulnerability/CVE-2023-43018,IBM CICS TX privilege escalation,"IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42031,https://securityvulnerability.io/vulnerability/CVE-2023-42031,IBM CICS TX denial of service,"IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.",IBM,"Txseries For Multiplatforms,Cics Tx Standard,Cics Tx Advanced",4.9,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-33850,https://securityvulnerability.io/vulnerability/CVE-2023-33850,IBM GSKit-Crypto information disclosure,"A vulnerability exists in IBM GSKit-Crypto due to a timing-based side channel in its RSA decryption implementation. An attacker could exploit this flaw by sending numerous trial messages, allowing for the potential extraction of sensitive information. This exploit highlights the importance of secure coding practices and the need for robust cryptographic implementations to prevent such information leakage.",IBM,"Txseries For Multiplatforms,Cics Tx Standard,Cics Tx Advanced",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-08-22T21:15:00.000Z,0
CVE-2023-33847,https://securityvulnerability.io/vulnerability/CVE-2023-33847,IBM CICS TX information disclosure,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",3.1,LOW,0.0014199999859556556,false,,false,false,false,,,false,false,,2023-06-08T01:15:00.000Z,0
CVE-2023-33846,https://securityvulnerability.io/vulnerability/CVE-2023-33846,IBM CICS TX cross-site scripting,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",5.4,MEDIUM,0.0014400000218302011,false,,false,false,false,,,false,false,,2023-06-08T01:15:00.000Z,0
CVE-2023-33849,https://securityvulnerability.io/vulnerability/CVE-2023-33849,IBM CICS TX information disclosure,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",3.7,LOW,0.0018899999558925629,false,,false,false,false,,,false,false,,2023-06-07T22:15:00.000Z,0
CVE-2023-33848,https://securityvulnerability.io/vulnerability/CVE-2023-33848,Sensitive Data Exposure Vulnerability in IBM TXSeries for Multiplatforms and CICS TX,"A vulnerability in IBM TXSeries for Multiplatforms and CICS TX products could allow an authenticated user with elevated privileges to enable debug mode, which may inadvertently expose highly sensitive information. Such exposure poses significant security risks, making it essential for organizations utilizing these products to assess and mitigate their settings.",IBM,Cics Tx,6.5,MEDIUM,0.0013299999991431832,false,,false,false,false,,,false,false,,2023-06-07T21:15:00.000Z,0
CVE-2022-34320,https://securityvulnerability.io/vulnerability/CVE-2022-34320,IBM CICS TX information disclosure,"IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.",IBM,Cics Tx,5.9,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2022-11-14T19:27:46.033Z,0
CVE-2022-34317,https://securityvulnerability.io/vulnerability/CVE-2022-34317,IBM CICS TX cross-site scripting,"IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.",IBM,Cics Tx,5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-11-14T19:10:14.891Z,0
CVE-2022-34318,https://securityvulnerability.io/vulnerability/CVE-2022-34318,IBM CICS TX clickjacking,"IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461.",IBM,Cics Tx,5.4,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2022-11-14T19:04:12.560Z,0
CVE-2022-34316,https://securityvulnerability.io/vulnerability/CVE-2022-34316,IBM CICS TX information disclosure,"IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.",IBM,Cics Tx,3.7,LOW,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-11-14T18:47:00.784Z,0
CVE-2022-34314,https://securityvulnerability.io/vulnerability/CVE-2022-34314,Sensitive Information Disclosure in IBM CICS TX 11.1,"A vulnerability exists in IBM CICS TX 11.1 that could enable a local user to access sensitive information due to improper permission settings. This weakness allows unauthorized access to data, compromising its confidentiality. Users of the affected version are advised to review their permission configurations and implement necessary security measures. For detailed guidance, refer to the IBM support resources.",IBM,Cics Tx,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-11-14T18:38:50.824Z,0