CVE-2022-34313

Name of the Vulnerable Software and Affected Versions IBM CICS TX version 11.1

Description The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers can exploit this by sending a http:// link to a user or by planting this link in a site the user visits, allowing them to obtain the cookie value by snooping the traffic.

Recommendations For IBM CICS TX version 11.1, set the secure attribute on authorization tokens or session cookies to prevent them from being sent over insecure links. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.