CVE-2022-38705 – IBM CICS TX phishing
https://notcve.org/view.php?id=CVE-2022-38705
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234172 https://www.ibm.com/support/pages/node/6833216 https://www.ibm.com/support/pages/node/6833218
CVE-2022-34312 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34312
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229447 https://www.ibm.com/support/pages/node/6833150 https://www.ibm.com/support/pages/node/6833156 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information
CVE-2022-34329 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34329
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229467 https://www.ibm.com/support/pages/node/6833210 https://www.ibm.com/support/pages/node/6833212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34319 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34319
IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229463 https://www.ibm.com/support/pages/node/6833190 https://www.ibm.com/support/pages/node/6833192 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34313 – IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies
https://notcve.org/view.php?id=CVE-2022-34313
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229449 https://www.ibm.com/support/pages/node/6833158 https://www.ibm.com/support/pages/node/6833164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor