SB2024082611 - Multiple vulnerabilities in IBM CICS Transaction Gateway Desktop Edition 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024082611

SB2024082611 - Multiple vulnerabilities in IBM CICS Transaction Gateway Desktop Edition

Published: August 26, 2024

Security Bulletin ID SB2024082611
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Insufficiently protected credentials (CVE-ID: CVE-2023-50310)

The vulnerability allows a remote privileged user to gain access to other users' credentials.

The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.


2) Insufficiently protected credentials (CVE-ID: CVE-2023-50311)

The vulnerability allows a remote privileged user to gain access to other users' credentials.

The vulnerability exists due to IBM CICS Transaction Gateway transmits or stores authentication credentials using insecure method that is susceptible to unauthorized interception and/or retrieval. A remote privileged user can view contents of the configuration file and gain access to passwords for 3rd party integration.


Remediation

Install update from vendor's website.

References