IBM CICS TX information disclosure

Vulnerability

IBM CICS TX Standard and Advanced version 11.1 have a vulnerability where web pages are stored in a local filesystem location that can be accessed by other users on the same system [1, 2]. This affects the default configuration and requires no special authentication to exploit if an attacker has local access.

Exploitation

An attacker with local system access (e.g., a non-privileged user on the same machine) can browse to the directory where web pages are stored and read them [1, 2]. No network-level privileges or user interaction is needed beyond having a local account on the system.

Impact

Successful exploitation allows an attacker to read cached or stored web pages, which may contain sensitive information such as authentication tokens, session data, or other confidential content. The CVSS 3.0 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates low confidentiality impact with no integrity or availability impact [1, 2].

Mitigation

IBM has released interim fixes for both products. For IBM CICS TX Advanced 11.1, download the fix from the IBM support page referenced as defect 127903 [1]. For IBM CICS TX Standard 11.1, download the fix from the IBM support page referenced as defect 127902 [2]. No workarounds are available [1, 2].