CVE-2023-33849

IBM CICS TX information disclosure

Description

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.

References

Link	Tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/257105	vdb entry vendor advisory
https://www.ibm.com/support/pages/node/7001687	vendor advisory
https://www.ibm.com/support/pages/node/7001697	vendor advisory
https://www.ibm.com/support/pages/node/7001695	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-33849?: CVE-2023-33849 has been scored as a low severity vulnerability.
How to fix CVE-2023-33849?: To fix CVE-2023-33849, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-33849 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-33849 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-33849?: CVE-2023-33849 affects IBM TXSeries for Multiplatforms, IBM CICS TX Standard, IBM CICS TX Advanced.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-311 – Missing Encryption of Sensitive Data

References

Frequently Asked Questions