CVE-2022-34307

Name of the Vulnerable Software and Affected Versions IBM CICS TX version 11.1

Description The issue is related to the lack of secure attribute setting on authorization tokens or session cookies. Attackers can exploit this by sending a http:// link to a user or planting this link in a site the user visits, allowing them to obtain the cookie value by snooping the traffic.

Recommendations For IBM CICS TX version 11.1, consider setting the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure links. As a temporary workaround, restrict access to sensitive information and avoid using insecure links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.