PT-2023-8828 · IBM · IBM TXSeries for Multiplatforms +2
Published 2023-06-07 · Updated 2023-06-15
CVE-2023-33849
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM TXSeries for Multiplatforms versions 8.1 through 9.1
CICS TX Standard version 11.1
CICS TX Advanced versions 10.1 through 11.1
Description
Sensitive information is transmitted in query parameters over an unprotected communication channel, where it could be intercepted using man-in-the-middle techniques. This could allow a remote attacker to gain unauthorized access to confidential information.
Recommendations
For IBM TXSeries for Multiplatforms versions 8.1 through 9.1, consider implementing secure communication protocols to protect query parameters.
For CICS TX Standard version 11.1, restrict access to sensitive information transmitted via query parameters until a secure communication method is implemented.
For CICS TX Advanced versions 10.1 through 11.1, disable the use of query parameters for transmitting sensitive information until a patch or secure alternative is available.
Fix
Cleartext Transmission of Sensitive Information
Missing Encryption of Sensitive Data
Related Identifiers
Affected Products
CICS TX Advanced
CICS TX Standard
IBM TXSeries for Multiplatforms