Medium Severity

Security Bulletin: IBM CICS TX Advanced is vulnerable to a stored cross-site scripting attack (CVE-2022-34167)

July 6, 2022

Categorized: Medium Severity

Share this post:

IBM CICS TX Advanced could allow users to embed arbitrary JavaScript code which may allow trusted credentials disclosure. The fix removes this vulnerability (CVE-2022-34167) from IBM CICS TX Advanced.

CVE(s): CVE-2022-34167

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM CICS TX Advanced 11.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6601657
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/229432


Previous Post

Security Bulletin: A security vulnerability has been identified in Apache POI shipped with IBM Tivoli Netcool Impact (CVE-2019-12415)

Next Post

Security Bulletin: Multiple security vulnerabilities fixed in IBM Security Verify Access Appliance (CVE-2022-23308, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712)
More stories

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)

August 9, 2022 | Medium Severity

IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to improper input validation by the urllib.parse module from Python3. Vulnerability is addressed by upgrading Pytthon to version 3.9.7. ...read more

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to SnakeYAML (CVE-2017-18640)

August 9, 2022 | Medium Severity

MyFG 2.0 of IBM Sterling B2B Integrator uses SnakeYAML. There is a denial of service vulnerability in SnakeYAML which has been addressed. ...read more

Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2021-35550, CVE-2021-35603)

August 9, 2022 | Medium Severity

There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. ...read more