CVE-2022-34313 MEDIUM

CVE-2022-34313: IBM CICS TX Standard is vulnerable to allowing attackers access to an application via insecure session cookies

Vendor Ibm
Product CICS TX
Weakness CWE-200 · Info exposure
Published November 14, 2022
Last update April 30, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.

Key dates

02Disclosure timeline

November 14, 2022 CVE published
April 30, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-20270 Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability CVE-2025-13006 SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server