CVE-2023-33846

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:ibm:txseries_for_multiplatform:*:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:ibm:txseries_for_multiplatform:*:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

16 Jun 2023, 14:41

Type Values Removed Values Added
CPE cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatform:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
First Time Linux linux Kernel
Hp
Ibm txseries For Multiplatform
Linux
Ibm cics Tx
Ibm
Ibm aix
Hp hp-ux
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-79
References (MISC) https://www.ibm.com/support/pages/node/7001633 - (MISC) https://www.ibm.com/support/pages/node/7001633 - Patch, Vendor Advisory
References (MISC) https://www.ibm.com/support/pages/node/7001601 - (MISC) https://www.ibm.com/support/pages/node/7001601 - Patch, Vendor Advisory
References (MISC) https://www.ibm.com/support/pages/node/7001629 - (MISC) https://www.ibm.com/support/pages/node/7001629 - Patch, Vendor Advisory
References (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/257100 - (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/257100 - VDB Entry, Vendor Advisory

08 Jun 2023, 02:44

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-08 01:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-33846

Mitre link : CVE-2023-33846

CVE.ORG link : CVE-2023-33846


JSON object : View

Products Affected

hp

  • hp-ux

ibm

  • aix
  • cics_tx
  • txseries_for_multiplatform

linux

  • linux_kernel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')