IBM CICS TX update for golang
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2020-29652 CVE-2017-14623 CVE-2021-43565 CVE-2017-3204 CVE-2020-15113 CVE-2020-9283 |
| CWE-ID | CWE-476 CWE-287 CWE-20 CWE-300 CWE-281 CWE-617 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
IBM CICS TX Advanced Universal components / Libraries / Software for developers IBM CICS TX Standard Universal components / Libraries / Software for developers |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU69449
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-29652
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing an authentication request message for the “gssapi-with-mic” method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM CICS TX Advanced: before 11.1.0.0 ifix5
IBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_cics_tx_standard:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6833250
https://www.ibm.com/support/pages/node/6833248
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU69453
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-14623
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in processing authentication requests. A remote attacker can bypass authentication process and login with an empty password under certain conditions.
Install update from vendor's website.
Vulnerable software versionsIBM CICS TX Advanced: before 11.1.0.0 ifix5
IBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_cics_tx_standard:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6833250
https://www.ibm.com/support/pages/node/6833248
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU64805
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43565
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM CICS TX Advanced: before 11.1.0.0 ifix5
IBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_cics_tx_standard:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6833250
https://www.ibm.com/support/pages/node/6833248
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Man-in-the-Middle (MitM) attack
EUVDB-ID: #VU69451
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-3204
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to Go Crypto library does not verify host keys. A remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsIBM CICS TX Advanced: before 11.1.0.0 ifix5
IBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_cics_tx_standard:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6833250
https://www.ibm.com/support/pages/node/6833248
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Preservation of Permissions
EUVDB-ID: #VU41647
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-15113
CWE-ID:
CWE-281 - Improper preservation of permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software improperly sets permissions to certain directory paths in case they were previously created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients). A local user can gain unauthorized access to sensitive information on the system.
Install update from vendor's website.
Vulnerable software versionsIBM CICS TX Advanced: before 11.1.0.0 ifix5
IBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_cics_tx_standard:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6833250
https://www.ibm.com/support/pages/node/6833248
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Reachable Assertion
EUVDB-ID: #VU69447
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-9283
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion during signature verification process. A remote attacker can supply a specially crafted certificate to the application (server or client) and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM CICS TX Advanced: before 11.1.0.0 ifix5
IBM CICS TX Standard: before 11.1.0.0 ifix5
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_cics_tx_standard:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6833250
https://www.ibm.com/support/pages/node/6833248
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
