PT-2023-24515 · IBM · IBM TXSeries for Multiplatforms +2
Published: 2023-06-08 · Updated: 2023-06-16 · CVE-2023-33847
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM TXSeries for Multiplatforms versions 8.1 through 9.1
CICS TX Standard version 11.1
CICS TX Advanced versions 10.1 through 11.1
Description
The issue arises because the software does not set the Secure attribute on authorization tokens or session cookies. An attacker can therefore potentially obtain cookie values by sending a user an http:// link or by planting such a link in a site the user visits. The browser sends the cookie with the request to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.
Recommendations
For IBM TXSeries for Multiplatforms versions 8.1 through 9.1, consider configuring the software to set the Secure attribute on authorization tokens and session cookies.
For CICS TX Standard version 11.1, update the configuration to ensure the Secure attribute is set for authorization tokens and session cookies.
For CICS TX Advanced versions 10.1 through 11.1, modify the settings to include the Secure attribute on authorization tokens and session cookies.
Fix
Related Identifiers
Affected Products
CICS TX Advanced
CICS TX Standard
IBM TXSeries for Multiplatforms