CVE-2022-34160 - OpenCVE

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Cics Tx
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:cics_tx:11.1::::advanced:::
	cpe:2.3:a:ibm:cics_tx:11.1::::standard:::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/229330
https://www.ibm.com/support/pages/node/6601553
https://www.ibm.com/support/pages/node/6601555

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-07-08T17:00:22.463535Z

Updated: 2024-09-16T22:03:13.614Z

Reserved: 2022-06-20T00:00:00

Link: CVE-2022-34160

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-08T17:15:08.180

Modified: 2023-08-08T14:21:49.707

Link: CVE-2022-34160

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CICS TX Advanced", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}, {"product": "CICS TX Standard", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.1"}]}], "datePublic": "2022-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.7, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/I:L/C:L/UI:R/S:U/AV:N/PR:N/A:N/RL:O/E:U/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-08T17:00:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6601553"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6601555"}, {"name": "ibm-cics-cve202234160-html-injection (229330)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229330"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-07-07T00:00:00", "ID": "CVE-2022-34160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CICS TX Advanced", "version": {"version_data": [{"version_value": "11.1"}]}}, {"product_name": "CICS TX Standard", "version": {"version_data": [{"version_value": "11.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "L", "PR": "N", "S": "U", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6601553", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6601553 (CICS TX Standard)", "url": "https://www.ibm.com/support/pages/node/6601553"}, {"name": "https://www.ibm.com/support/pages/node/6601555", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6601555 (CICS TX Advanced)", "url": "https://www.ibm.com/support/pages/node/6601555"}, {"name": "ibm-cics-cve202234160-html-injection (229330)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229330"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:17.180Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6601553"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6601555"}, {"name": "ibm-cics-cve202234160-html-injection (229330)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229330"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-34160", "datePublished": "2022-07-08T17:00:22.463535Z", "dateReserved": "2022-06-20T00:00:00", "dateUpdated": "2024-09-16T22:03:13.614Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330."}, {"lang": "es", "value": "IBM CICS TX Standard y Advanced versi\u00f3n 11.1, es vulnerable a una inyecci\u00f3n de HTML. Un atacante remoto podr\u00eda inyectar c\u00f3digo HTML malicioso que, cuando sea visualizado, ser\u00e1 ejecutado en el navegador web de la v\u00edctima dentro del contexto de seguridad del sitio de alojamiento. IBM X-Force ID: 229330"}], "id": "CVE-2022-34160", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-08T17:15:08.180", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/229330"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6601553"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6601555"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}