IBMD60F553FA26670D511E0E6C7075CFF83A5606641BF600EA9789C6B1048988087Security Bulletin: IBM CICS TX Standard is vulnerable to a local user impersonating another legitimate user (CVE-2022-34164).
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%
Summary
IBM CICS TX could allow a local user to impersonate another legitimate user due to improper input validation. The fix removes this vulnerability (CVE-2022-34164) from IBM CICS TX Standard.
Vulnerability Details
CVEID:CVE-2022-34164
**DESCRIPTION:**IBM CICS TX could allow a local user to impersonate another legitimate user due to improper input validation.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229338 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Standard | 11.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability by downloading and applying the interim fixes from the table below
Product
|
Version
|
Defect
|
Remediation / First Fix
—|—|—|—
IBM CICS TX Standard
|
11.1
|
127640
|
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%