CVE-2023-33847: IBM CICS TX information disclosure

First published: Tue Jun 06 2023(Updated: )

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257102.

Credit: psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• agent/title
• agent/severity
• agent/remedy
• agent/author
• agent/description
• agent/last-modified-date
• agent/event
• collector/ibm-support
• source/IBM
• agent/software-canonical-lookup
• agent/source
• agent/softwarecombine
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• vendor/ibm
• canonical/ibm cics tx advanced
• version/ibm cics tx advanced/10.1
• version/ibm cics tx advanced/11.1
• canonical/ibm txseries for multiplatform
• version/ibm txseries for multiplatform/8.1
• canonical/ibm aix
• vendor/linux
• canonical/linux kernel
• version/ibm txseries for multiplatform/8.2
• vendor/hp
• canonical/hpe hp-ux
• version/ibm txseries for multiplatform/9.1
• canonical/ibm cics tx
• version/ibm cics tx/10.1
• version/ibm cics tx/11.1