
CVE-2025-1331 – IBM CICS TX code execution
https://notcve.org/view.php?id=CVE-2025-1331
08 May 2025 — IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function. • https://www.ibm.com/support/pages/node/7232923 • CWE-242: Use of Inherently Dangerous Function •

CVE-2025-1330 – IBM CICS TX code execution
https://notcve.org/view.php?id=CVE-2025-1330
08 May 2025 — IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function. • https://www.ibm.com/support/pages/node/7232923 • CWE-787: Out-of-bounds Write •

CVE-2025-1329 – IBM CICS TX code execution
https://notcve.org/view.php?id=CVE-2025-1329
08 May 2025 — IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function. • https://www.ibm.com/support/pages/node/7232923 • CWE-787: Out-of-bounds Write •

CVE-2024-41746 – IBM CICS TX cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41746
16 Jan 2025 — IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7171873 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-41744 – IBM CICS TX Standard cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-41744
01 Nov 2024 — IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. • https://www.ibm.com/support/pages/node/7174576 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-41745 – IBM CICS TX Standard cross-site scripting
https://notcve.org/view.php?id=CVE-2024-41745
01 Nov 2024 — IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-34309 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34309
12 Feb 2024 — IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229440 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2022-34311 – IBM CICS TX session fixation
https://notcve.org/view.php?id=CVE-2022-34311
12 Feb 2024 — IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229446 • CWE-522: Insufficiently Protected Credentials •

CVE-2022-34310 – IBM CICS TX information disclosure
https://notcve.org/view.php?id=CVE-2022-34310
12 Feb 2024 — IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. • https://exchange.xforce.ibmcloud.com/vulnerabilities/229441 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2023-43018 – IBM CICS TX privilege escalation
https://notcve.org/view.php?id=CVE-2023-43018
02 Nov 2023 — IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266163 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •