CVSS3 | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
AI Score Confidence | High |
EPSS Percentile | 35.5% |
CICS Transaction Gateway Containers are vulnerable to CVE-2023-47140 if proper egress/ingress policies are not configured at either POD or HOST level.
CVEID: CVE-2023-47140
**DESCRIPTION:** IBM CICS Transaction Gateway could allow a user to transfer or view files due to improper access controls.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270259 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM CICS Transaction Gateway Containers | 9.3 |
IBM strongly recommends addressing the vulnerability now.
Product | VRMF | Platforms | Remediation/First Fix |
---|---|---|---|
CICS Transaction Gateway for Multiplatforms | 9.3.0.0 | Linux on IBM Z container | Threat actors can use exfiltration techniques that enable them to intercept networks which can result in data loss or leakage. Ingress and egress filtering keeps suspicious traffic out of the network. In order to create a Network policy for your CICS Transaction Gateway container, follow these instructions: Restricting network traffic for CICS Transaction Gateway containers |
CICS Transaction Gateway for Multiplatforms | 9.3.0.0 | Linux on Intel container | |
None
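The remediation above calls for ingress and egress filtering at the pod level. The following Kubernetes NetworkPolicy is an added illustration of that kind of restriction, not IBM's published policy; the policy name, namespace, pod labels, ports and address are all constructed placeholders to be replaced with the values from your own deployment.

```yaml
# Added example: pod-level ingress/egress restriction for a CTG container.
# Every name, label, port and address below is a constructed placeholder.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ctg-restrict-traffic        # hypothetical policy name
  namespace: ctg                    # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: cics-tg                  # hypothetical label on the gateway pods
  # Declaring both types makes the selected pods default-deny in each
  # direction; only the flows listed below remain permitted.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Allow only the client application pods to reach the gateway listener.
    - from:
        - podSelector:
            matchLabels:
              role: ctg-client      # hypothetical label on client pods
      ports:
        - protocol: TCP
          port: 2006                # placeholder: your gateway listener port
  egress:
    # Allow only the CICS server the gateway connects to.
    - to:
        - ipBlock:
            cidr: 192.0.2.10/32     # placeholder address (documentation range)
      ports:
        - protocol: TCP
          port: 50889               # placeholder: your CICS server port
    # Allow DNS lookups; the label is an assumption about the cluster's DNS pods.
    - to:
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

A NetworkPolicy is only enforced when the cluster's network plugin implements it, so confirm that before relying on the policy. After applying it, `kubectl describe networkpolicy ctg-restrict-traffic -n ctg` shows the rules the cluster accepted.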
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cics_transaction_gateway | 9.3 | cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:*:*:* |