CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence: Low

IBM App Connect Enterprise and IBM Integration Bus for z/OS are affected by multiple vulnerabilities in IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities.
CVEID: CVE-2023-50310
**DESCRIPTION:** IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 273612.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-50311
**DESCRIPTION:** IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker through debugging or error messages. IBM X-Force ID: 273614.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273614 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.12.2 |
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.25 |
IBM Integration Bus for z/OS | 10.1 - 10.1.0.3 |

**IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS.**

Affected Product(s) | Version(s) | APAR | Remediation / Fixes |
---|---|---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.12.2 | IT45884 | The APAR (IT45884) is available from IBM App Connect Enterprise v12 - Fix Pack Release 12.0.12.3 |
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.25 | IT45884 | The APAR (IT45884) is available from IBM App Connect Enterprise v11 - Fix Pack Release 11.0.0.26 |
IBM Integration Bus for z/OS | 10.1 - 10.1.0.3 | IT45884 | Interim fix for APAR (IT45884) is available to apply to 10.1.0.3 from |

None

Vendor | Product | Version | CPE |
---|---|---|---|
ibm | app_connect_enterprise | * | cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:* |
ibm | integration_bus | * | cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:* |