CVE-2023-42027: IBM CICS TX cross-site request forgery

Reference Links

• https://www.ibm.com/support/pages/node/7063659 (Advisory)
• https://www.ibm.com/support/pages/node/7063664
• https://exchange.xforce.ibmcloud.com/vulnerabilities/266057

Parent vulnerabilities

(Appears in the following advisories)

• IBM-7063659

Frequently Asked Questions

• What is CVE-2023-42027?

  CVE-2023-42027 is a vulnerability in IBM CICS TX that allows cross-site request forgery.

• What is the severity of CVE-2023-42027?

  CVE-2023-42027 has a severity rating of 4.3, which is considered medium.

• Which versions of IBM CICS TX are affected by CVE-2023-42027?

  IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are affected by CVE-2023-42027.

• How can an attacker exploit CVE-2023-42027?

  An attacker can exploit CVE-2023-42027 by executing malicious actions transmitted from a trusted user of the vulnerable website.

• How can I fix CVE-2023-42027?

  You can fix CVE-2023-42027 by applying the appropriate patches provided by IBM for the affected versions of IBM CICS TX. You can find the patches at the following URLs: [Patch for TXSeries for Multiplatforms 8.1](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Liberty_102023&source=SAR), [Patch for TXSeries for Multiplatforms 8.2](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_102023&source=SAR), [Patch for TXSeries for Multiplatforms 9.1](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_102023&source=SAR).