CVE-2023-42027: IBM CICS TX cross-site request forgery
First published: Tue Oct 31 2023(Updated: )
IBM CICS TX is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM TXSeries for Multiplatforms | =8.1 | |
| IBM TXSeries for Multiplatforms | =9.1 | |
| IBM AIX | ||
| Linux Linux kernel | ||
| IBM CICS TX | =10.1 | |
| IBM CICS TX | =11.1 | |
| IBM CICS TX | =11.1 | |
| IBM TXSeries for Multiplatforms | =8.2 | |
| HP HP-UX | ||
| Microsoft Windows | ||
| IBM CICS TX Advanced | <=10.1 | |
| IBM CICS TX Advanced | <=11.1 | |
| IBM CICS TX Standard | <=11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-42027?
CVE-2023-42027 is a vulnerability in IBM CICS TX that allows cross-site request forgery.
What is the severity of CVE-2023-42027?
CVE-2023-42027 has a severity rating of 4.3, which is considered medium.
Which versions of IBM CICS TX are affected by CVE-2023-42027?
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are affected by CVE-2023-42027.
How can an attacker exploit CVE-2023-42027?
An attacker can exploit CVE-2023-42027 by executing malicious actions transmitted from a trusted user of the vulnerable website.
How can I fix CVE-2023-42027?
You can fix CVE-2023-42027 by applying the appropriate patches provided by IBM for the affected versions of IBM CICS TX. You can find the patches at the following URLs: [Patch for TXSeries for Multiplatforms 8.1](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Liberty_102023&source=SAR), [Patch for TXSeries for Multiplatforms 8.2](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_102023&source=SAR), [Patch for TXSeries for Multiplatforms 9.1](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_102023&source=SAR).
- collector/nvd-api
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/type
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm txseries for multiplatforms
- version/ibm txseries for multiplatforms/8.1
- version/ibm txseries for multiplatforms/9.1
- canonical/ibm aix
- vendor/linux
- canonical/linux linux kernel
- canonical/ibm cics tx
- version/ibm cics tx/10.1
- version/ibm cics tx/11.1
- version/ibm txseries for multiplatforms/8.2
- vendor/hp
- canonical/hp hp-ux
- vendor/microsoft
- canonical/microsoft windows
- canonical/ibm cics tx advanced
- version/ibm cics tx advanced/10.1
- version/ibm cics tx advanced/11.1
- canonical/ibm cics tx standard
- version/ibm cics tx standard/11.1