CVE-2022-34316 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34316
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/229452
  https://www.ibm.com/support/pages/node/6833176
  https://www.ibm.com/support/pages/node/6833178
• CWE-116: Improper Encoding or Escaping of Output
  CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax
CVE-2022-34314
https://notcve.org/view.php?id=CVE-2022-34314
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/229450
  https://www.ibm.com/support/pages/node/6833166
  https://www.ibm.com/support/pages/node/6833170
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2022-34315 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2022-34315
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/229451
  https://www.ibm.com/support/pages/node/6833172
  https://www.ibm.com/support/pages/node/6833174
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38705 – IBM CICS TX phishing
https://notcve.org/view.php?id=CVE-2022-38705
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/234172
  https://www.ibm.com/support/pages/node/6833216
  https://www.ibm.com/support/pages/node/6833218
CVE-2022-34312 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34312
IBM CICS TX 11.1 allows web pages to be stored locally, which can be read by another user on the system. IBM X-Force ID: 229447.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/229447
  https://www.ibm.com/support/pages/node/6833150
  https://www.ibm.com/support/pages/node/6833156
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  CWE-922: Insecure Storage of Sensitive Information