← Back

CVE-2023-33847

nvd nist
Published: Jun 8, 2023Modified: Nov 21, 2024

JSON object

Loading...
3.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.6 / Impact: 1.4
Source: NVD

Description

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.

Affected (6)

Ibm
2 products
Txseries For Multiplatform
Cics Tx
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Txseries For Multiplatform
Version 8.1
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Txseries For Multiplatform
From 8.2 to 8.2.0.2
Running on/withPlatform Versions
Hp
Hp Ux
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Txseries For Multiplatform
From 9.1 to 9.1.0.2
Running on/withPlatform Versions
Ibm
Aix
All versions
Configuration D
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Cics Tx
Version 10.1
Cics Tx
Version 11.1
Cics Tx
Version 11.1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

References (8)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.