CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22345 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-22345
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192. IBM TXSeries for Multiplatforms 8.2 transmite o almacena credenciales de autenticación, pero utiliza un método inseguro que es susceptible de interceptación y/o recuperación no autorizada. ID de IBM X-Force: 280192. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280192 https://www.ibm.com/support/pages/node/7150667 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22344 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-22344
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191. IBM TXSeries for Multiplatforms 8.2 es vulnerable a la inyección de HTML. Un atacante remoto podría inyectar código HTML malicioso que, una vez visto, se ejecutaría en el navegador web de la víctima dentro del contexto de seguridad del sitio de alojamiento. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280191 https://www.ibm.com/support/pages/node/7150667 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22343 – IBM TXSeries for Multiplatforms information disclosure
https://notcve.org/view.php?id=CVE-2024-22343
IBM TXSeries for Multiplatforms 8.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 280190. IBM TXSeries for Multiplatforms 8.2 permite almacenar páginas web localmente que pueden ser leídas por otro usuario del sistema. ID de IBM X-Force: 280190. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280190 https://www.ibm.com/support/pages/node/7150667 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2023-42029 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2023-42029
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries para multiplataformas 8.1, 8.2, 9.1 son vulnerables a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266059 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-42027 – IBM CICS TX cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-42027
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1 y TXSeries for Multiplatforms 8.1, 8.2, 9.1 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 266057. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 https://www.ibm.com/support/pages/node/7063659 https://www.ibm.com/support/pages/node/7063664 • CWE-352: Cross-Site Request Forgery (CSRF) •