CVE-2023-38363

EPSS 0.06%
Published 13.11.2023 02:15:08
Last modified 21.11.2024 08:13:25
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Cics Tx Version10.1 SwEditionadvanced

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
psirt@us.ibm.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

https://exchange.xforce.ibmcloud.com/vulnerabilities/260818

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/7067987

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38363

EUVD