Description

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.

Related CPE's

a

ibm

cics_tx

2

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/229452

VDB Entry

https://www.ibm.com/support/pages/node/6833176

PatchVendor Advisory

https://www.ibm.com/support/pages/node/6833178

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-116

[email protected]

Secondary
CWE-644

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-14T19:15:13.383

2 years ago

Last modified

2023-11-07T03:48:32.057

1 year ago