QwikSec

Security Database

CVE

CWE

Training

CVE-2023-33846

Published: Jun 8, 2023

Modified: Jan 6, 2025

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.

Vendor	Product	Versions
IBM	TXSeries for Multiplatforms	affected `8.1, 8.2, 9.1`
IBM	CICS TX Standard	affected `11.1`
IBM	CICS TX Advanced	affected `10.1, 11.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/257100

vdb-entry

https://www.ibm.com/support/pages/node/7001601

vendor-advisory

https://www.ibm.com/support/pages/node/7001629

vendor-advisory

https://www.ibm.com/support/pages/node/7001633

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.