Skip to main content

Txseries For Multiplatforms CVE-2023-42027

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-11-03 psirt@us.ibm.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 03, 2023 - 00:15 nvd
HIGH 8.8

DescriptionNVD

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.

AnalysisAI

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. Affected products include: Ibm Txseries For Multiplatforms, Ibm Cics Tx.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-33848 MEDIUM
6.5 Jun 07

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could allow a pri

CVE-2024-41738 MEDIUM
5.9 Nov 01

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an

CVE-2024-56475 MEDIUM
5.4 Apr 02

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2023-42029 MEDIUM
5.4 Nov 03

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-si

CVE-2025-0154 MEDIUM
5.3 Apr 02

IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper n

CVE-2024-41741 MEDIUM
5.3 Nov 01

IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing di

CVE-2023-42031 MEDIUM
4.9 Oct 25

IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privil

CVE-2024-56474 MEDIUM
4.3 Apr 02

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker t

CVE-2023-33849 LOW
3.7 Jun 07

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit se

CVE-2024-56476 MEDIUM
5.3 Apr 02

IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login a

CVE-2024-41743 HIGH
7.5 Jan 19

IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connect

CVE-2024-41742 HIGH
7.5 Jan 19

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout

Share

CVE-2023-42027 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy