CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34317 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2022-34317
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. IBM CICS TX 11.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229459 https://www.ibm.com/support/pages/node/6833180 https://www.ibm.com/support/pages/node/6833182 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34318 – IBM CICS TX clickjacking
https://notcve.org/view.php?id=CVE-2022-34318
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461. IBM CICS TX 11.1 podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría aprovechar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente lanzar más ataques contra ella. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229461 https://www.ibm.com/support/pages/node/6833186 https://www.ibm.com/support/pages/node/6833188 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34316 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34316
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452. IBM CICS TX 11.1 no neutraliza o neutraliza incorrectamente la sintaxis de scripting web en encabezados HTTP que pueden utilizar los componentes del navegador web que pueden procesar encabezados sin formato. ID de IBM X-Force: 229452. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229452 https://www.ibm.com/support/pages/node/6833176 https://www.ibm.com/support/pages/node/6833178 • CWE-116: Improper Encoding or Escaping of Output CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34314
https://notcve.org/view.php?id=CVE-2022-34314
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. IBM CICS TX 11.1 podría revelar información sensible a un usuario local debido a una configuración de permisos insegura. ID de IBM X-Force: 229450. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229450 https://www.ibm.com/support/pages/node/6833166 https://www.ibm.com/support/pages/node/6833170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34315 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2022-34315
IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. IBM CICS TX 11.1 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229451 https://www.ibm.com/support/pages/node/6833172 https://www.ibm.com/support/pages/node/6833174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •