CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34315 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2022-34315
14 Nov 2022 — IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. IBM CICS TX 11.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38705 – IBM CICS TX phishing
https://notcve.org/view.php?id=CVE-2022-38705
14 Nov 2022 — IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. IBM CICS TX 11.1 Standard y Advanced podría permitir a un atacante remoto eludir las restricciones de seguridad, causadas por una falla de tabulación inversa. Un atacante podría aprovechar esta vulnerabilidad y redirigir a la víctima a un sitio de phishing. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234172 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34312 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34312
14 Nov 2022 — IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. IBM CICS TX 11.1 permite que las páginas web se almacenen localmente y que otro usuario del sistema pueda leerlas. ID de IBM X-Force: 229447. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229447 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34313 – IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies
https://notcve.org/view.php?id=CVE-2022-34313
14 Nov 2022 — IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. IBM CICS TX 11.1 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229449 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34308
https://notcve.org/view.php?id=CVE-2022-34308
07 Oct 2022 — IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. IBM CICS TX versión 11.1, podría permitir a un usuario local causar una denegación de servicio debido a un manejo inapropiado de la carga. IBM X-Force ID: 229437 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229437 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34307
https://notcve.org/view.php?id=CVE-2022-34307
01 Aug 2022 — IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. IBM CICS TX versión 11.1, no establece el atributo de seguridad en los tokens de autorización o las cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229436 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34164
https://notcve.org/view.php?id=CVE-2022-34164
01 Aug 2022 — IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. IBM CICS TX versión 11.1, podría permitir a un usuario local hacerse pasar por otro usuario legítimo debido a una incorrecta comprobación de entradas. IBM X-Force ID: 229338 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229338 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34163
https://notcve.org/view.php?id=CVE-2022-34163
01 Aug 2022 — IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. IBM CICS TX versión 11.1, es vulnerable a la inyección de cabeceras HTTP, causada por la incorrecta comprobación de la entrada de los encabezados HOST. Esto podría permitir a un atacante llevar a cabo varios ataque... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34162
https://notcve.org/view.php?id=CVE-2022-34162
01 Aug 2022 — IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. IBM CICS TX versión 11.1, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229332 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34161
https://notcve.org/view.php?id=CVE-2022-34161
01 Aug 2022 — IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. IBM CICS TX versión 11.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 229331 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229331 • CWE-352: Cross-Site Request Forgery (CSRF) •