First published: Tue Oct 31 2023
IBM CICS TX is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM TXSeries for Multiplatforms | =8.1 | |
IBM TXSeries for Multiplatforms | =9.1 | |
IBM AIX | | |
Linux Linux kernel | | |
IBM CICS TX | =10.1 | |
IBM CICS TX | =11.1 | |
IBM TXSeries for Multiplatforms | =8.2 | |
HP HP-UX | | |
Microsoft Windows | | |
IBM CICS TX Advanced | <=10.1 | |
IBM CICS TX Advanced | <=11.1 | |
IBM CICS TX Standard | <=11.1 | |
CVE-2023-42027 is a vulnerability in IBM CICS TX that allows cross-site request forgery.
CVE-2023-42027 has a severity rating of 4.3, which is considered medium.
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are affected by CVE-2023-42027.
An attacker can exploit CVE-2023-42027 to execute malicious and unauthorized actions transmitted from a user that the vulnerable website trusts.
You can fix CVE-2023-42027 by applying the appropriate patches provided by IBM for the affected versions of IBM CICS TX. You can find the patches at the following URLs: [Patch for TXSeries for Multiplatforms 8.1](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Liberty_102023&source=SAR), [Patch for TXSeries for Multiplatforms 8.2](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_102023&source=SAR), [Patch for TXSeries for Multiplatforms 9.1](https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Liberty_102023&source=SAR).