Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3B0D8ACB4B5B2255EF9DEA45EAD9EA39000AEC094741C7FC25293C12152020E1
HistoryFeb 14, 2023 - 9:04 p.m.

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.

2023-02-1421:04:36
www.ibm.com
22
ibm cics tx advanced
golang go
vulnerabilities
downloading fix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.8%

JSON

Summary

IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go. The fix removes these vulnerabilities from IBM CICS TX Advanced.

Vulnerability Details

CVEID:CVE-2022-27191
**DESCRIPTION:**Go ssh package is vulnerable to a denial of service, caused by an unspecified flaw in certain circumstances involving AddHostKey. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222162 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-11841
**DESCRIPTION:**Golang could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the clearsign package of supplementary Go cryptography libraries. An attacker could exploit this vulnerability to spoof the messages.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160985 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM CICS TX Advanced 11.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities by downloading and applying the interim fix from the table below.

Product

|

Version

|

Defect

|

Remediation / First Fix

—|—|—|—

IBM CICS TX Advanced

|

11.1

|

127799

|

Download the fix from here

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcics_txMatch11.1

Related

ibm 2
cvelist 2
cve 1
packetstorm 1
nessus 2
prion 1
nvd 2
cgr 2
osv 4
openvas 81
ubuntucve 2
veracode 2
debian 1
debiancve 1
github 2
wolfi 1
fedora 88
gitlab 1
rocky 2
redhat 1
ibm
ibm
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.
2023-02-14 21:14:53
Security Bulletin: API Connect V2018 is impacted by vulnerabilities in golang (CVE-2019-11841)
2019-08-13 21:02:31
cvelist
cvelist
CVE-2019-11841
2019-05-22 00:00:00
CVE-2022-27191
2022-03-18 06:03:34
cve
cve
CVE-2019-11841
2019-05-22 17:29:00
packetstorm
packetstorm
Go Cryptography Libraries Cleartext Message Spoofing
2019-05-13 00:00:00
nessus
nessus
Debian DLA-1920-1 : golang-go.crypto security update
2019-09-16 00:00:00
RHEL 7 / 8 : OpenShift Virtualization 4.11.0 RPMs (RHSA-2022:6527)
2024-04-28 00:00:00
prion
prion
Design/Logic Flaw
2019-05-22 17:29:00
nvd
nvd
CVE-2019-11841
2019-05-22 17:29:00
CVE-2022-27191
2022-03-18 07:15:06
cgr
cgr
CVE-2019-11841 vulnerabilities
2024-05-19 03:07:16
CVE-2022-27191 vulnerabilities
2024-05-19 03:07:16
osv
osv
Golang/x/crypto message forgery vulnerability
2022-05-24 16:46:15
Misleading message verification in golang.org/x/crypto/openpgp/clearsign
2023-08-23 14:38:42
golang-go.crypto - security update
2019-09-13 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1920-1)
2019-09-14 00:00:00
Fedora: Security Advisory for golang-github-cockroachdb-pebble (FEDORA-2022-08ae2dd481)
2022-05-08 00:00:00
Fedora: Security Advisory for golang-github-appc-docker2aci (FEDORA-2022-3a63897745)
2022-04-29 00:00:00
ubuntucve
ubuntucve
CVE-2019-11841
2019-05-22 00:00:00
CVE-2022-27191
2022-03-18 00:00:00
veracode
veracode
Cleartext Message Spoofing
2019-05-14 07:10:00
Denial Of Service (DoS)
2022-04-14 18:23:16
debian
debian
[SECURITY] [DLA 1920-1] golang-go.crypto security update
2019-09-13 06:19:49
debiancve
debiancve
CVE-2019-11841
2019-05-22 17:29:00
github
github
Golang/x/crypto message forgery vulnerability
2022-05-24 16:46:15
Cleartext Signed Message Signature Spoofing in openpgp
2023-08-29 17:36:40
wolfi
wolfi
CVE-2019-11841 vulnerabilities
2024-07-22 09:09:16
fedora
fedora
[SECURITY] Fedora 35 Update: golang-k8s-sample-controller-1.22.0-3.fc35
2022-04-28 05:53:39
[SECURITY] Fedora 35 Update: chisel-1.7.7-2.fc35
2022-04-28 05:53:35
[SECURITY] Fedora 34 Update: golang-github-pact-foundation-1.5.1-5.fc34
2022-04-28 05:55:47
gitlab
gitlab
Use of a Broken or Risky Cryptographic Algorithm
2022-03-19 00:00:00
rocky
rocky
podman security and bug fix update
2023-01-26 21:50:01
buildah security and bug fix update
2023-01-26 21:50:01
redhat
redhat
(RHSA-2022:9107) Moderate: OpenShift Container Platform 4.11.21 bug fix and security update
2023-01-04 06:44:18

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.8%

JSON
Related for 3B0D8ACB4B5B2255EF9DEA45EAD9EA39000AEC094741C7FC25293C12152020E1
ibm2cvelist2cve1packetstorm1nessus2prion1nvd2cgr2osv4openvas81ubuntucve2veracode2debian1debiancve1github2wolfi1fedora88gitlab1rocky2redhat1