IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Hp
  • Hp-ux
Ibm
  • Aix
  • Cics Tx
  • Txseries For Multiplatforms
Linux
  • Linux Kernel
Microsoft
  • Windows

Configuration 1 [-]

AND
OR cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/266057 cve-icon cve-icon cve-icon
https://www.ibm.com/support/pages/node/7063659 cve-icon cve-icon cve-icon
https://www.ibm.com/support/pages/node/7063664 cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2024-09-05T14:34:26.166Z

Reserved: 2023-09-06T19:33:25.776Z

Link: CVE-2023-42027

cve-icon Vulnrichment

Updated: 2024-08-02T19:16:49.655Z

cve-icon NVD

Status : Modified

Published: 2023-11-03T00:15:12.593

Modified: 2024-11-21T08:22:07.380

Link: CVE-2023-42027

cve-icon Redhat

No data.