CVE-2022-34329 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34329
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229467 https://www.ibm.com/support/pages/node/6833210 https://www.ibm.com/support/pages/node/6833212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34319 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34319
IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229463 https://www.ibm.com/support/pages/node/6833190 https://www.ibm.com/support/pages/node/6833192 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34313 – IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies
https://notcve.org/view.php?id=CVE-2022-34313
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229449 https://www.ibm.com/support/pages/node/6833158 https://www.ibm.com/support/pages/node/6833164 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34308
https://notcve.org/view.php?id=CVE-2022-34308
IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229437 https://www.ibm.com/support/pages/node/6826645 https://www.ibm.com/support/pages/node/6826647 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-34307
https://notcve.org/view.php?id=CVE-2022-34307
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229436 https://www.ibm.com/support/pages/node/6608208 https://www.ibm.com/support/pages/node/6608210 • CWE-311: Missing Encryption of Sensitive Data