cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41746,https://securityvulnerability.io/vulnerability/CVE-2024-41746,Stored Cross-Site Scripting Vulnerability in IBM CICS TX,"IBM CICS TX, specifically versions Advanced 10.1, 11.1, and Standard 11.1, exposes a security flaw that permits attackers to inject arbitrary JavaScript code into the Web UI. This stored cross-site scripting vulnerability could compromise user sessions, potentially leading to the unauthorized disclosure of user credentials by altering the application's intended functionality, creating a significant security risk for users.",IBM,"Cics Tx Advanced,Cics Tx Standard",7.2,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-16T17:13:53.888Z,0
CVE-2023-38360,https://securityvulnerability.io/vulnerability/CVE-2023-38360,Cross-Site Scripting Vulnerability in CICS TX Advanced 10.1 Could Lead to Credentials Disclosure,"IBM CICS TX Advanced 10.1 is susceptible to a cross-site scripting (XSS) vulnerability, allowing adversaries to inject arbitrary JavaScript code through the Web UI. This exploitation could disrupt the application’s intended operations and potentially expose user credentials during a trusted session. Users should assess their security posture and consider immediate mitigation strategies to safeguard sensitive data.",IBM,Cics Tx Advanced,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-04T18:05:16.269Z,0
CVE-2023-38362,https://securityvulnerability.io/vulnerability/CVE-2023-38362,CICS TX Advanced 10.1 Vulnerability Could Leak Sensitive Information,"A vulnerability exists in IBM CICS TX Advanced 10.1 that may allow remote attackers to gain unauthorized access to sensitive information through observable discrepancies in HTTP responses. This issue could lead to the exposure of critical data, which can be leveraged for further attacks or unauthorized actions. Ensuring the integrity and confidentiality of HTTP responses is essential for maintaining a secure environment and protecting against potential data breaches.",IBM,Cics Tx Advanced,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-04T15:56:12.254Z,0
CVE-2022-34309,https://securityvulnerability.io/vulnerability/CVE-2022-34309,Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption,"IBM CICS TX Standard and Advanced 11.1 has been identified with vulnerabilities stemming from the use of cryptographic algorithms that do not meet expected security standards. These weaknesses may allow attackers to decrypt sensitive information, posing a risk to data integrity. Organizations utilizing these IBM products are encouraged to review their security configurations and implement stronger cryptographic measures to safeguard against unauthorized data access.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-12T19:06:07.762Z,0
CVE-2022-34311,https://securityvulnerability.io/vulnerability/CVE-2022-34311,Insufficiently Protected Credentials Could Lead to User Session Access,"A vulnerability exists in IBM CICS TX Standard and Advanced 11.1 that may allow an attacker with physical access to a web browser to exploit insufficiently protected user credentials, potentially gaining unauthorized access to a user's session. This flaw emphasizes the necessity for robust session management practices and adequate protection measures for user credentials in web applications to mitigate the risk of unauthorized access.",IBM,"Cics Tx Standard,Cics Tx Advanced",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-12T18:12:26.359Z,0
CVE-2022-34310,https://securityvulnerability.io/vulnerability/CVE-2022-34310,Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption,"IBM CICS TX Standard and Advanced version 11.1 exhibits a vulnerability due to the use of cryptographic algorithms that do not meet security expectations. This could potentially allow adversaries to decrypt highly sensitive information, posing significant risks to data integrity and confidentiality. Organizations utilizing these products should be aware of the implications and consider necessary security measures to mitigate potential threats. For further details and official recommendations, refer to IBM's advisories.",IBM,"Cics Tx Standard,Cics Tx Advanced",7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-12T17:46:44.982Z,0
CVE-2023-38361,https://securityvulnerability.io/vulnerability/CVE-2023-38361,IBM CICS TX Advanced information disclosure,"IBM CICS TX Advanced 10.1 employs cryptographic algorithms that do not meet expected security standards, potentially enabling attackers to decrypt sensitive information. This vulnerability raises significant concerns regarding data integrity and confidentiality within impacted systems.",IBM,CICS TX Advanced,7.5,HIGH,0.001069999998435378,false,,false,false,false,,,false,false,,2023-11-18T18:15:00.000Z,0
CVE-2023-38363,https://securityvulnerability.io/vulnerability/CVE-2023-38363,IBM CICS TX information disclosure,"IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.",IBM,Cics Tx Advanced,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-13T02:15:00.000Z,0
CVE-2023-38364,https://securityvulnerability.io/vulnerability/CVE-2023-38364,IBM CICS TX Advanced cross-site scripting,IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821.,IBM,Cics Tx Advanced,6.1,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-13T02:15:00.000Z,0
CVE-2023-43018,https://securityvulnerability.io/vulnerability/CVE-2023-43018,IBM CICS TX privilege escalation,"IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42029,https://securityvulnerability.io/vulnerability/CVE-2023-42029,IBM CICS TX cross-site scripting,"IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.",IBM,"Cics Tx Standard,Cics Tx Advanced,Txseries For Multiplatforms",4.8,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42027,https://securityvulnerability.io/vulnerability/CVE-2023-42027,IBM CICS TX cross-site request forgery,"IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.",IBM,"Cics Tx Standard,Cics Tx Advanced,Txseries For Multiplatforms",4.3,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42031,https://securityvulnerability.io/vulnerability/CVE-2023-42031,IBM CICS TX denial of service,"IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.",IBM,"Txseries For Multiplatforms,Cics Tx Standard,Cics Tx Advanced",4.9,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-33850,https://securityvulnerability.io/vulnerability/CVE-2023-33850,IBM GSKit-Crypto information disclosure,"A vulnerability exists in IBM GSKit-Crypto due to a timing-based side channel in its RSA decryption implementation. An attacker could exploit this flaw by sending numerous trial messages, allowing for the potential extraction of sensitive information. This exploit highlights the importance of secure coding practices and the need for robust cryptographic implementations to prevent such information leakage.",IBM,"Txseries For Multiplatforms,Cics Tx Standard,Cics Tx Advanced",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-08-22T21:15:00.000Z,0
CVE-2023-33847,https://securityvulnerability.io/vulnerability/CVE-2023-33847,IBM CICS TX information disclosure,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",3.1,LOW,0.0014199999859556556,false,,false,false,false,,,false,false,,2023-06-08T01:15:00.000Z,0
CVE-2023-33846,https://securityvulnerability.io/vulnerability/CVE-2023-33846,IBM CICS TX cross-site scripting,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",5.4,MEDIUM,0.0014400000218302011,false,,false,false,false,,,false,false,,2023-06-08T01:15:00.000Z,0
CVE-2023-33849,https://securityvulnerability.io/vulnerability/CVE-2023-33849,IBM CICS TX information disclosure,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",3.7,LOW,0.0018899999558925629,false,,false,false,false,,,false,false,,2023-06-07T22:15:00.000Z,0
CVE-2022-34308,https://securityvulnerability.io/vulnerability/CVE-2022-34308,Denial of Service Vulnerability in IBM CICS TX 11.1,IBM CICS TX 11.1 is susceptible to a denial of service condition because of inadequate handling of load processing. A local user could exploit this flaw to disrupt service availability. Organizations using this product should assess their environments for potential exposure and implement necessary measures to mitigate the associated risks.,IBM,"Cics Tx Standard,Cics Tx Advanced",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-10-07T17:15:00.000Z,0
CVE-2022-34307,https://securityvulnerability.io/vulnerability/CVE-2022-34307,Session Cookie Vulnerability in IBM CICS TX 11.1,"IBM CICS TX 11.1 suffers from a vulnerability that fails to apply the secure attribute to authorization tokens and session cookies. This oversight allows malicious actors to potentially intercept cookie values through insecure HTTP links. By tricking users into visiting vulnerable sites or sending them deceptive links, attackers can obtain sensitive session information, leading to unauthorized access and potential data breaches.",IBM,"Cics Tx Advanced,Cics Tx Standard",4.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-34161,https://securityvulnerability.io/vulnerability/CVE-2022-34161,Cross-Site Request Forgery in IBM CICS TX 11.1 Software,"IBM CICS TX 11.1 contains a vulnerability allowing cross-site request forgery (CSRF). This weakness could enable attackers to execute unauthorized actions by manipulating trusted user credentials. Since the application may trust requests coming from legitimate users, potential malicious exploits could result in harmful impacts on the security of the application. Users are encouraged to implement security measures and patch the software to safeguard against this threat.",IBM,"Cics Tx Advanced,Cics Tx Standard",4.3,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-33955,https://securityvulnerability.io/vulnerability/CVE-2022-33955,Code Execution Vulnerability in IBM CICS TX 11.1,"A vulnerability in IBM CICS TX 11.1 that could allow attackers with physical access to execute arbitrary code via a back and refresh attack. This flaw poses significant risks, as it allows unauthorized actions on compromised systems.",IBM,"Cics Tx Advanced,Cics Tx Standard",4.3,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-34164,https://securityvulnerability.io/vulnerability/CVE-2022-34164,User Impersonation Vulnerability in IBM CICS Transaction Server,"A vulnerability in IBM CICS Transaction Server 11.1 allows a local user to impersonate another legitimate user due to improper input validation. This weakness could potentially allow unauthorized actions to be taken by an attacker, posing a risk to system security and user data integrity. It is crucial for organizations using this product to implement the necessary security updates and safeguards.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-34162,https://securityvulnerability.io/vulnerability/CVE-2022-34162,Clickjacking Vulnerability in IBM CICS TX 11.1,"IBM CICS TX 11.1 is susceptible to a clickjacking exploit, allowing a remote attacker to manipulate user actions. By tricking victims into visiting a malicious website, attackers can hijack user clicks, potentially leading to unauthorized actions and further exploitation. It is crucial for users of CICS TX 11.1 to be aware of this vulnerability to mitigate security risks.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.4,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2022-07-29T00:00:00.000Z,0
CVE-2022-34163,https://securityvulnerability.io/vulnerability/CVE-2022-34163,HTTP Header Injection Vulnerability in IBM CICS TX 11.1,"IBM CICS TX 11.1 has a vulnerability due to inadequate validation of HOST headers, permitting attackers to inject malicious HTTP headers. This flaw can result in various attacks such as cross-site scripting, cache poisoning, or session hijacking, potentially compromising sensitive data and system integrity. Users are advised to review the security updates from IBM to mitigate these risks.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.4,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-07-29T00:00:00.000Z,0
CVE-2022-34166,https://securityvulnerability.io/vulnerability/CVE-2022-34166,Cross-Site Scripting Vulnerability in IBM CICS TX Products,"IBM CICS TX Standard and Advanced 11.1 is susceptible to cross-site scripting (XSS), allowing attackers to inject arbitrary JavaScript code into the Web UI. This exploitation can modify the intended behavior of the application, potentially resulting in the disclosure of sensitive user credentials during a trusted session. This vulnerability emphasizes the need for organizations to implement secure coding practices and to regularly update their systems to mitigate such risks.",IBM,"Cics Tx Advanced,Cics Tx Standard",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-07-08T17:15:00.000Z,0