cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41746,https://securityvulnerability.io/vulnerability/CVE-2024-41746,Stored Cross-Site Scripting Vulnerability in IBM CICS TX,"IBM CICS TX, specifically versions Advanced 10.1, 11.1, and Standard 11.1, exposes a security flaw that permits attackers to inject arbitrary JavaScript code into the Web UI. This stored cross-site scripting vulnerability could compromise user sessions, potentially leading to the unauthorized disclosure of user credentials by altering the application's intended functionality, creating a significant security risk for users.",IBM,"Cics Tx Advanced,Cics Tx Standard",7.2,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-16T17:13:53.888Z,0
CVE-2024-41744,https://securityvulnerability.io/vulnerability/CVE-2024-41744,IBM CICS TX Standard 11.1 Vulnerable to Cross-Site Request Forgery,IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.,IBM,Cics Tx Standard,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-11-01T16:53:32.755Z,0
CVE-2024-41745,https://securityvulnerability.io/vulnerability/CVE-2024-41745,CICS TX Standard vulnerable to Cross-Site Scripting,IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Cics Tx Standard,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-01T16:48:49.374Z,0
CVE-2022-34309,https://securityvulnerability.io/vulnerability/CVE-2022-34309,Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption,"IBM CICS TX Standard and Advanced 11.1 has been identified with vulnerabilities stemming from the use of cryptographic algorithms that do not meet expected security standards. These weaknesses may allow attackers to decrypt sensitive information, posing a risk to data integrity. Organizations utilizing these IBM products are encouraged to review their security configurations and implement stronger cryptographic measures to safeguard against unauthorized data access.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-12T19:06:07.762Z,0
CVE-2022-34311,https://securityvulnerability.io/vulnerability/CVE-2022-34311,Insufficiently Protected Credentials Could Lead to User Session Access,"A vulnerability exists in IBM CICS TX Standard and Advanced 11.1 that may allow an attacker with physical access to a web browser to exploit insufficiently protected user credentials, potentially gaining unauthorized access to a user's session. This flaw emphasizes the necessity for robust session management practices and adequate protection measures for user credentials in web applications to mitigate the risk of unauthorized access.",IBM,"Cics Tx Standard,Cics Tx Advanced",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-12T18:12:26.359Z,0
CVE-2022-34310,https://securityvulnerability.io/vulnerability/CVE-2022-34310,Weaker Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Could Leave Sensitive Information Vulnerable to Decryption,"IBM CICS TX Standard and Advanced version 11.1 exhibits a vulnerability due to the use of cryptographic algorithms that do not meet security expectations. This could potentially allow adversaries to decrypt highly sensitive information, posing significant risks to data integrity and confidentiality. Organizations utilizing these products should be aware of the implications and consider necessary security measures to mitigate potential threats. For further details and official recommendations, refer to IBM's advisories.",IBM,"Cics Tx Standard,Cics Tx Advanced",7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-02-12T17:46:44.982Z,0
CVE-2023-42029,https://securityvulnerability.io/vulnerability/CVE-2023-42029,IBM CICS TX cross-site scripting,"IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.",IBM,"Cics Tx Standard,Cics Tx Advanced,Txseries For Multiplatforms",4.8,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42027,https://securityvulnerability.io/vulnerability/CVE-2023-42027,IBM CICS TX cross-site request forgery,"IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.",IBM,"Cics Tx Standard,Cics Tx Advanced,Txseries For Multiplatforms",4.3,MEDIUM,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-43018,https://securityvulnerability.io/vulnerability/CVE-2023-43018,IBM CICS TX privilege escalation,"IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-11-03T00:15:00.000Z,0
CVE-2023-42031,https://securityvulnerability.io/vulnerability/CVE-2023-42031,IBM CICS TX denial of service,"IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.",IBM,"Txseries For Multiplatforms,Cics Tx Standard,Cics Tx Advanced",4.9,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-33850,https://securityvulnerability.io/vulnerability/CVE-2023-33850,IBM GSKit-Crypto information disclosure,"A vulnerability exists in IBM GSKit-Crypto due to a timing-based side channel in its RSA decryption implementation. An attacker could exploit this flaw by sending numerous trial messages, allowing for the potential extraction of sensitive information. This exploit highlights the importance of secure coding practices and the need for robust cryptographic implementations to prevent such information leakage.",IBM,"Txseries For Multiplatforms,Cics Tx Standard,Cics Tx Advanced",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-08-22T21:15:00.000Z,0
CVE-2023-33847,https://securityvulnerability.io/vulnerability/CVE-2023-33847,IBM CICS TX information disclosure," IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102. ",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",3.1,LOW,0.0014199999859556556,false,,false,false,false,,,false,false,,2023-06-08T01:15:00.000Z,0
CVE-2023-33846,https://securityvulnerability.io/vulnerability/CVE-2023-33846,IBM CICS TX cross-site scripting,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",5.4,MEDIUM,0.0014400000218302011,false,,false,false,false,,,false,false,,2023-06-08T01:15:00.000Z,0
CVE-2023-33849,https://securityvulnerability.io/vulnerability/CVE-2023-33849,IBM CICS TX information disclosure,"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.",IBM,"TXSeries for Multiplatforms,CICS TX Standard,CICS TX Advanced",3.7,LOW,0.0018899999558925629,false,,false,false,false,,,false,false,,2023-06-07T22:15:00.000Z,0
CVE-2022-34308,https://securityvulnerability.io/vulnerability/CVE-2022-34308,Denial of Service Vulnerability in IBM CICS TX 11.1,IBM CICS TX 11.1 is susceptible to a denial of service condition because of inadequate handling of load processing. A local user could exploit this flaw to disrupt service availability. Organizations using this product should assess their environments for potential exposure and implement necessary measures to mitigate the associated risks.,IBM,"Cics Tx Standard,Cics Tx Advanced",6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-10-07T17:15:00.000Z,0
CVE-2022-34161,https://securityvulnerability.io/vulnerability/CVE-2022-34161,Cross-Site Request Forgery in IBM CICS TX 11.1 Software,"IBM CICS TX 11.1 contains a vulnerability allowing cross-site request forgery (CSRF). This weakness could enable attackers to execute unauthorized actions by manipulating trusted user credentials. Since the application may trust requests coming from legitimate users, potential malicious exploits could result in harmful impacts on the security of the application. Users are encouraged to implement security measures and patch the software to safeguard against this threat.",IBM,"Cics Tx Advanced,Cics Tx Standard",4.3,MEDIUM,0.0017000000225380063,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-34307,https://securityvulnerability.io/vulnerability/CVE-2022-34307,Session Cookie Vulnerability in IBM CICS TX 11.1,"IBM CICS TX 11.1 suffers from a vulnerability that fails to apply the secure attribute to authorization tokens and session cookies. This oversight allows malicious actors to potentially intercept cookie values through insecure HTTP links. By tricking users into visiting vulnerable sites or sending them deceptive links, attackers can obtain sensitive session information, leading to unauthorized access and potential data breaches.",IBM,"Cics Tx Advanced,Cics Tx Standard",4.3,MEDIUM,0.000910000002477318,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-34164,https://securityvulnerability.io/vulnerability/CVE-2022-34164,User Impersonation Vulnerability in IBM CICS Transaction Server,"A vulnerability in IBM CICS Transaction Server 11.1 allows a local user to impersonate another legitimate user due to improper input validation. This weakness could potentially allow unauthorized actions to be taken by an attacker, posing a risk to system security and user data integrity. It is crucial for organizations using this product to implement the necessary security updates and safeguards.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.9,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-33955,https://securityvulnerability.io/vulnerability/CVE-2022-33955,Code Execution Vulnerability in IBM CICS TX 11.1,"A vulnerability in IBM CICS TX 11.1 that could allow attackers with physical access to execute arbitrary code via a back and refresh attack. This flaw poses significant risks, as it allows unauthorized actions on compromised systems.",IBM,"Cics Tx Advanced,Cics Tx Standard",4.3,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2022-08-01T16:15:00.000Z,0
CVE-2022-34163,https://securityvulnerability.io/vulnerability/CVE-2022-34163,HTTP Header Injection Vulnerability in IBM CICS TX 11.1,"IBM CICS TX 11.1 has a vulnerability due to inadequate validation of HOST headers, permitting attackers to inject malicious HTTP headers. This flaw can result in various attacks such as cross-site scripting, cache poisoning, or session hijacking, potentially compromising sensitive data and system integrity. Users are advised to review the security updates from IBM to mitigate these risks.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.4,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-07-29T00:00:00.000Z,0
CVE-2022-34162,https://securityvulnerability.io/vulnerability/CVE-2022-34162,Clickjacking Vulnerability in IBM CICS TX 11.1,"IBM CICS TX 11.1 is susceptible to a clickjacking exploit, allowing a remote attacker to manipulate user actions. By tricking victims into visiting a malicious website, attackers can hijack user clicks, potentially leading to unauthorized actions and further exploitation. It is crucial for users of CICS TX 11.1 to be aware of this vulnerability to mitigate security risks.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.4,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2022-07-29T00:00:00.000Z,0
CVE-2022-34167,https://securityvulnerability.io/vulnerability/CVE-2022-34167,Stored Cross-Site Scripting Vulnerability in IBM CICS TX,"IBM CICS TX Standard and Advanced 11.1 are vulnerable to stored cross-site scripting, allowing attackers to inject arbitrary JavaScript code through the Web UI. This manipulation can alter the intended functionality of the application, potentially leading to the disclosure of sensitive user credentials during a trusted session. Organizations using affected versions are advised to assess their security posture and apply necessary mitigations to protect against this vulnerability.",IBM,"Cics Tx Standard,Cics Tx Advanced",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-07-08T17:15:00.000Z,0
CVE-2022-34166,https://securityvulnerability.io/vulnerability/CVE-2022-34166,Cross-Site Scripting Vulnerability in IBM CICS TX Products,"IBM CICS TX Standard and Advanced 11.1 is susceptible to cross-site scripting (XSS), allowing attackers to inject arbitrary JavaScript code into the Web UI. This exploitation can modify the intended behavior of the application, potentially resulting in the disclosure of sensitive user credentials during a trusted session. This vulnerability emphasizes the need for organizations to implement secure coding practices and to regularly update their systems to mitigate such risks.",IBM,"Cics Tx Advanced,Cics Tx Standard",5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-07-08T17:15:00.000Z,0
CVE-2022-34306,https://securityvulnerability.io/vulnerability/CVE-2022-34306,HTTP Header Injection Vulnerability in IBM CICS TX Standard and Advanced,"IBM CICS TX Standard and Advanced versions are exposed to an HTTP header injection vulnerability due to insufficient validation of input in HOST headers. This flaw can enable attackers to exploit the system, leading to severe consequences such as cross-site scripting, cache poisoning, and session hijacking. It is crucial for organizations utilizing these products to implement immediate mitigation strategies to safeguard against potential attacks and ensure the integrity of their applications.",IBM,"Cics Tx Advanced,Cics Tx Standard",5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2022-07-08T17:15:00.000Z,0
CVE-2022-34160,https://securityvulnerability.io/vulnerability/CVE-2022-34160,HTML Injection Vulnerability in IBM CICS TX Standard and Advanced Products,"IBM CICS TX Standard and Advanced 11.1 is susceptible to an HTML injection flaw that allows remote attackers to inject malicious HTML code. When users access compromised content, this code executes within their web browser's security context of the hosting site, potentially leading to unauthorized actions and data exposure.",IBM,"Cics Tx Advanced,Cics Tx Standard",5.4,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2022-07-08T17:15:00.000Z,0