CVE-2023-50311

Published: Mar 31, 2024Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD (Secondary)

Description

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.

Affected (2)

Products: Ibm: Cics Transaction Gateway

Ibm

1 product

Cics Transaction Gateway

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cics Transaction Gateway	Version 9.2
Ibm Cics Transaction Gateway	Version 9.3

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (3)

https://https://www.ibm.com/support/pages/node/7145418

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/273612

Source: af854a3a-2127-422b-91ae-364da2661108

https://https://www.ibm.com/support/pages/node/7145418

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.