CVE-2023-50310 - Vulnerability Details

Description

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Published: 2024-10-23

Score: 4.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

IBM

CICS Transaction Gateway for Multiplatforms

unaffected

Version	Status	Constraints
`9.2, 9.3`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cics_transaction_gateway:9.2:::::multiplatforms::
	cpe:2.3:a:ibm:cics_transaction_gateway:9.3:::::multiplatforms::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-55115	IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.ibm.com/support/pages/node/7145418

History

Wed, 23 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 11:00:00 +0000

Type	Values Removed	Values Added
Description		IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Title		IBM CICS Transaction Gateway for Multiplatforms information disclosure
First Time appeared		Ibm Ibm cics Transaction Gateway
Weaknesses		CWE-522
CPEs		cpe:2.3:a:ibm:cics_transaction_gateway:9.2:::::multiplatforms:: cpe:2.3:a:ibm:cics_transaction_gateway:9.3:::::multiplatforms::
Vendors & Products		Ibm Ibm cics Transaction Gateway
References		https://www.ibm.com/support/pages/node/7145418
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Ibm Cics Transaction Gateway

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-10-23T10:55:53.145Z

Updated: 2024-10-23T13:45:26.181Z

Reserved: 2023-12-07T01:29:00.310Z

Link: CVE-2023-50310

Vulnrichment

Updated: 2024-10-23T13:45:23.063Z

NVD

Status : Analyzed

Published: 2024-10-23T11:15:12.600

Modified: 2024-11-05T16:40:57.533

Link: CVE-2023-50310

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-522

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object