CVE-2023-33847
IBM CICS TX information disclosure
Severity Score
3.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-23 CVE Reserved
- 2023-06-08 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ibm.com/support/pages/node/7001635 | 2023-06-16 | |
| https://www.ibm.com/support/pages/node/7001641 | 2023-06-16 | |
| https://www.ibm.com/support/pages/node/7001645 | 2023-06-16 |
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/257102 | 2023-06-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | 8.1 Search vendor "Ibm" for product "Txseries For Multiplatform" and version "8.1" | - |
Affected
| in | Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | 8.1 Search vendor "Ibm" for product "Txseries For Multiplatform" and version "8.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | >= 8.2 < 8.2.0.2 Search vendor "Ibm" for product "Txseries For Multiplatform" and version " >= 8.2 < 8.2.0.2" | - |
Affected
| in | Hp Search vendor "Hp" | Hp-ux Search vendor "Hp" for product "Hp-ux" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | >= 8.2 < 8.2.0.2 Search vendor "Ibm" for product "Txseries For Multiplatform" and version " >= 8.2 < 8.2.0.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | >= 8.2 < 8.2.0.2 Search vendor "Ibm" for product "Txseries For Multiplatform" and version " >= 8.2 < 8.2.0.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | >= 9.1 < 9.1.0.2 Search vendor "Ibm" for product "Txseries For Multiplatform" and version " >= 9.1 < 9.1.0.2" | - |
Affected
| in | Ibm Search vendor "Ibm" | Aix Search vendor "Ibm" for product "Aix" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Txseries For Multiplatform Search vendor "Ibm" for product "Txseries For Multiplatform" | >= 9.1 < 9.1.0.2 Search vendor "Ibm" for product "Txseries For Multiplatform" and version " >= 9.1 < 9.1.0.2" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Cics Tx Search vendor "Ibm" for product "Cics Tx" | 10.1 Search vendor "Ibm" for product "Cics Tx" and version "10.1" | advanced |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Cics Tx Search vendor "Ibm" for product "Cics Tx" | 11.1 Search vendor "Ibm" for product "Cics Tx" and version "11.1" | advanced |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Cics Tx Search vendor "Ibm" for product "Cics Tx" | 11.1 Search vendor "Ibm" for product "Cics Tx" and version "11.1" | standard |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|