CVE-2024-41741 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. • https://www.ibm.com/support/pages/node/7174572 • CWE-208: Observable Timing Discrepancy •
CVE-2024-41738 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-41738
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. • https://www.ibm.com/support/pages/node/7174572 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries para multiplataformas 8.1, 8.2, 9.1 son vulnerables a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries for Multiplatforms 8.1, 8.2, 9.1 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 266057. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063664 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-42031 – IBM CICS TX denial of service
https://notcve.org/view.php?id=CVE-2023-42031
IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016. IBM TXSeries para multiplataformas, 8.1, 8.2 y 9.1, CICS TX Standard CICS TX Advanced 10.1 y 11.1 podría permitir que un usuario privilegiado provoque una Denegación de Servicio (DoS) debido al consumo incontrolado de recursos. ID de IBM X-Force: 266016. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266061 https://www.ibm.com/support/pages/node/7056429 https://www.ibm.com/support/pages/node/7056433 • CWE-400: Uncontrolled Resource Consumption •