CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34163
https://notcve.org/view.php?id=CVE-2022-34163
01 Aug 2022 — IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. IBM CICS TX versión 11.1, es vulnerable a la inyección de cabeceras HTTP, causada por la incorrecta comprobación de la entrada de los encabezados HOST. Esto podría permitir a un atacante llevar a cabo varios ataque... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34162
https://notcve.org/view.php?id=CVE-2022-34162
01 Aug 2022 — IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. IBM CICS TX versión 11.1, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229332 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34161
https://notcve.org/view.php?id=CVE-2022-34161
01 Aug 2022 — IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. IBM CICS TX versión 11.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 229331 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229331 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33955
https://notcve.org/view.php?id=CVE-2022-33955
01 Aug 2022 — IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312. IBM CICS TX versión 11.1, podría permitir a un atacante con acceso físico al sistema ejecutar código debido a un ataque de retroceso y actualización. IBM X-Force ID: 229312 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229312 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34306
https://notcve.org/view.php?id=CVE-2022-34306
08 Jul 2022 — IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435. IBM CICS TX Standard y Advanced versión 11.1, es vulnerable a una inyección de encabezado HTTP, causada por una comprobación inapropiada de la entrada de los encabezados HOST. Esto podría perm... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229435 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34167
https://notcve.org/view.php?id=CVE-2022-34167
08 Jul 2022 — IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432. IBM CICS TX Standard y Advanced versión 11.1, es vulnerable al cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alter... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34166
https://notcve.org/view.php?id=CVE-2022-34166
08 Jul 2022 — IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430. IBM CICS TX Standard y Advanced versión 11.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, altera... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34160
https://notcve.org/view.php?id=CVE-2022-34160
08 Jul 2022 — IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330. IBM CICS TX Standard y Advanced versión 11.1, es vulnerable a una inyección de HTML. Un atacante remoto podría inyectar código HTML malicioso que, cuando sea visualizado, será ejecutado en el navegador web de la víctima dentro del contexto de segurid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/229330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31767
https://notcve.org/view.php?id=CVE-2022-31767
24 Jun 2022 — IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. IBM CICS TX Standard y Advanced versión 11.1, podría permitir a un atacante remoto ejecutar comandos arbitrarios en el sistema mediante el envío de una petición especialmente diseñada. IBM X-Force ID: 227980 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227980 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •