CVE-2022-38705 – IBM CICS TX phishing
https://notcve.org/view.php?id=CVE-2022-38705
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.
https://exchange.xforce.ibmcloud.com/vulnerabilities/234172
https://www.ibm.com/support/pages/node/6833216
https://www.ibm.com/support/pages/node/6833218
CVE-2022-34312 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34312
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
https://exchange.xforce.ibmcloud.com/vulnerabilities/229447
https://www.ibm.com/support/pages/node/6833150
https://www.ibm.com/support/pages/node/6833156
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-922: Insecure Storage of Sensitive Information
CVE-2022-34313 – IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies
https://notcve.org/view.php?id=CVE-2022-34313
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.
https://exchange.xforce.ibmcloud.com/vulnerabilities/229449
https://www.ibm.com/support/pages/node/6833158
https://www.ibm.com/support/pages/node/6833164
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34308
https://notcve.org/view.php?id=CVE-2022-34308
IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437.
https://exchange.xforce.ibmcloud.com/vulnerabilities/229437
https://www.ibm.com/support/pages/node/6826645
https://www.ibm.com/support/pages/node/6826647
CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-34307
https://notcve.org/view.php?id=CVE-2022-34307
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436.
https://exchange.xforce.ibmcloud.com/vulnerabilities/229436
https://www.ibm.com/support/pages/node/6608208
https://www.ibm.com/support/pages/node/6608210
CWE-311: Missing Encryption of Sensitive Data