CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34313 – IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies
https://notcve.org/view.php?id=CVE-2022-34313
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. IBM CICS TX 11.1 no establece el atributo seguro en tokens de autorización o cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229449 https://www.ibm.com/support/pages/node/6833158 https://www.ibm.com/support/pages/node/6833164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34308
https://notcve.org/view.php?id=CVE-2022-34308
IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. IBM CICS TX versión 11.1, podría permitir a un usuario local causar una denegación de servicio debido a un manejo inapropiado de la carga. IBM X-Force ID: 229437 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229437 https://www.ibm.com/support/pages/node/6826645 https://www.ibm.com/support/pages/node/6826647 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34307
https://notcve.org/view.php?id=CVE-2022-34307
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. IBM CICS TX versión 11.1, no establece el atributo de seguridad en los tokens de autorización o las cookies de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229436 https://www.ibm.com/support/pages/node/6608208 https://www.ibm.com/support/pages/node/6608210 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34164
https://notcve.org/view.php?id=CVE-2022-34164
IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. IBM CICS TX versión 11.1, podría permitir a un usuario local hacerse pasar por otro usuario legítimo debido a una incorrecta comprobación de entradas. IBM X-Force ID: 229338 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229338 https://www.ibm.com/support/pages/node/6608204 https://www.ibm.com/support/pages/node/6608206 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34163
https://notcve.org/view.php?id=CVE-2022-34163
IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. IBM CICS TX versión 11.1, es vulnerable a la inyección de cabeceras HTTP, causada por la incorrecta comprobación de la entrada de los encabezados HOST. Esto podría permitir a un atacante llevar a cabo varios ataques contra el sistema vulnerable, incluyendo de tipo cross-site scripting, envenenamiento de caché o secuestro de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229333 https://www.ibm.com/support/pages/node/6608200 https://www.ibm.com/support/pages/node/6608202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •