CVE-2022-33955 - OpenCVE

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Cics Tx

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cics_tx:11.1::::advanced:::
	cpe:2.3:a:ibm:cics_tx:11.1::::standard:::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/229312
https://www.ibm.com/support/pages/node/6608186
https://www.ibm.com/support/pages/node/6608190

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-08-01T15:40:24.074367Z

Updated: 2024-09-16T20:03:15.121Z

Reserved: 2022-06-17T00:00:00

Link: CVE-2022-33955

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-01T16:15:07.083

Modified: 2022-08-05T21:50:06.127

Link: CVE-2022-33955

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CICS TX Advanced", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}, {"product": "CICS TX Standard", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}], "datePublic": "2022-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/C:L/I:L/S:U/AC:L/A:L/UI:N/PR:N/RL:O/RC:C/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T15:40:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6608186"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6608190"}, {"name": "ibm-cics-cve202233955-code-exec (229312)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-29T00:00:00", "ID": "CVE-2022-33955", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CICS TX Advanced", "version": {"version_data": [{"version_value": "11.1"}]}}, {"product_name": "CICS TX Standard", "version": {"version_data": [{"version_value": "11.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "P", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6608186", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6608186 (CICS TX Advanced)", "url": "https://www.ibm.com/support/pages/node/6608186"}, {"name": "https://www.ibm.com/support/pages/node/6608190", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6608190 (CICS TX Standard)", "url": "https://www.ibm.com/support/pages/node/6608190"}, {"name": "ibm-cics-cve202233955-code-exec (229312)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229312"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:15.908Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6608186"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6608190"}, {"name": "ibm-cics-cve202233955-code-exec (229312)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229312"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-33955", "datePublished": "2022-08-01T15:40:24.074367Z", "dateReserved": "2022-06-17T00:00:00", "dateUpdated": "2024-09-16T20:03:15.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312."}, {"lang": "es", "value": "IBM CICS TX versi\u00f3n 11.1, podr\u00eda permitir a un atacante con acceso f\u00edsico al sistema ejecutar c\u00f3digo debido a un ataque de retroceso y actualizaci\u00f3n. IBM X-Force ID: 229312"}], "id": "CVE-2022-33955", "lastModified": "2022-08-05T21:50:06.127", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T16:15:07.083", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229312"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608186"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6608190"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}