CVE-2023-43018
IBM CICS TX privilege escalation
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.
IBM CICS TX Standard 11.1 y Advanced 10.1, 11.1 realiza una operación en un nivel de privilegio superior al nivel mínimo requerido, lo que crea nuevas debilidades o amplifica las consecuencias de otras debilidades. ID de IBM X-Force: 266163.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-15 CVE Reserved
- 2023-11-02 CVE Published
- 2024-09-05 CVE Updated
- 2025-06-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
- CWE-269: Improper Privilege Management
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ibm.com/support/pages/node/7063668 | 2023-11-09 |
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/266163 | 2023-11-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Cics Tx Search vendor "Ibm" for product "Cics Tx" | 10.1 Search vendor "Ibm" for product "Cics Tx" and version "10.1" | advanced |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Cics Tx Search vendor "Ibm" for product "Cics Tx" | 11.1 Search vendor "Ibm" for product "Cics Tx" and version "11.1" | advanced |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Cics Tx Search vendor "Ibm" for product "Cics Tx" | 11.1 Search vendor "Ibm" for product "Cics Tx" and version "11.1" | standard |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|