IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.