OpenCVE

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ibm	Cics Transaction Gateway

Configuration 1 [-]

OR	cpe:2.3:a:ibm:cics_transaction_gateway:9.2:::::multiplatforms::
	cpe:2.3:a:ibm:cics_transaction_gateway:9.3:::::multiplatforms::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/273612
https://https://www.ibm.com/support/pages/node/7145418

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://exchange.xforce.ibmcloud.com/vulnerabilities/273612

Wed, 23 Oct 2024 11:45:00 +0000

Type	Values Removed	Values Added
References	https://exchange.xforce.ibmcloud.com/vulnerabilities/273612

Wed, 23 Oct 2024 11:15:00 +0000

Type	Values Removed	Values Added
Description	IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 273612.	IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.
Metrics	cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-03-31T12:00:11.233Z

Updated: 2024-10-23T10:59:46.860Z

Reserved: 2023-12-07T01:29:00.310Z

Link: CVE-2023-50311

Vulnrichment

Updated: 2024-08-02T22:16:46.217Z

NVD

Status : Modified

Published: 2024-03-31T12:15:49.340

Modified: 2024-11-21T08:36:50.263

Link: CVE-2023-50311

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50311", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-12-07T01:29:00.310Z", "datePublished": "2024-03-31T12:00:11.233Z", "dateUpdated": "2024-10-23T10:59:46.860Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:cics_transaction_gateway:9.2:*:*:*:*:multiplatforms:*:*", "cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:multiplatforms:*:*"], "defaultStatus": "unaffected", "product": "CICS Transaction Gateway for Multiplatforms", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.2, 9.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages."}], "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-10-23T10:59:46.860Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://https://www.ibm.com/support/pages/node/7145418"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM CICS Transaction Gateway for Multiplatforms information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T21:01:58.938895Z", "id": "CVE-2023-50311", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T21:02:04.684Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.217Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://https://www.ibm.com/support/pages/node/7145418"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273612"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://https://www.ibm.com/support/pages/node/7145418", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273612", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:46.217Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50311", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-12T21:01:58.938895Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T21:02:02.332Z"}}], "cna": {"title": "IBM CICS Transaction Gateway for Multiplatforms information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:cics_transaction_gateway:9.2:*:*:*:*:multiplatforms:*:*", "cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:multiplatforms:*:*"], "vendor": "IBM", "product": "CICS Transaction Gateway for Multiplatforms", "versions": [{"status": "affected", "version": "9.2, 9.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://https://www.ibm.com/support/pages/node/7145418", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.", "supportingMedia": [{"type": "text/html", "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-10-23T10:59:46.860Z"}}}, "cveMetadata": {"cveId": "CVE-2023-50311", "state": "PUBLISHED", "dateUpdated": "2024-10-23T10:59:46.860Z", "dateReserved": "2023-12-07T01:29:00.310Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-03-31T12:00:11.233Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_transaction_gateway:9.2:*:*:*:*:multiplatforms:*:*", "matchCriteriaId": "B6D13B6F-9265-459A-A654-4B5872C81CAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:cics_transaction_gateway:9.3:*:*:*:*:multiplatforms:*:*", "matchCriteriaId": "7E9F94E4-76EC-4324-A98F-61BFAD7CFE4C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker that could reveal through debugging or error messages."}, {"lang": "es", "value": "IBM CICS Transaction Gateway for Multiplatforms 9.2 y 9.3 transmite o almacena credenciales de autenticaci\u00f3n, pero utiliza un m\u00e9todo inseguro que es susceptible de interceptaci\u00f3n y/o recuperaci\u00f3n no autorizada. ID de IBM X-Force: 273612."}], "id": "CVE-2023-50311", "lastModified": "2024-11-21T08:36:50.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2024-03-31T12:15:49.340", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://https://www.ibm.com/support/pages/node/7145418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://https://www.ibm.com/support/pages/node/7145418"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}