CVE-2022-34313

Description

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.

Related CPE's

a ibm cics_tx 11.1 ***advanced ***

a ibm cics_tx 11.1 ***standard ***

References

https://www.ibm.com/support/pages/node/6833164

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/229449

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6833158

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io