SB2024042301 - Multiple vulnerabilities in IBM CICS Transaction Gateway for Multiplatforms

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024042301

SB2024042301 - Multiple vulnerabilities in IBM CICS Transaction Gateway for Multiplatforms

Published: April 23, 2024

Security Bulletin ID SB2024042301
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Insufficiently protected credentials (CVE-ID: CVE-2023-50310)

The vulnerability allows a remote privileged user to gain access to other users' credentials.

The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.


2) Insufficiently protected credentials (CVE-ID: CVE-2023-50311)

The vulnerability allows a remote privileged user to gain access to other users' credentials.

The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.


Remediation

Install update from vendor's website.

References