Unrated severity · NVD Advisory · Published Nov 14, 2022 · Updated Apr 29, 2025

IBM CICS TX cross-site scripting

CVE-2022-34317

Description

IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2022-34317 is a stored cross-site scripting vulnerability in IBM CICS TX 11.1 that allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially leading to credential disclosure.

Vulnerability

CVE-2022-34317 is a cross-site scripting (XSS) vulnerability in IBM CICS TX Advanced and Standard, version 11.1 (Advanced) and all versions (Standard) [1][2]. The vulnerability resides in the Web UI component, allowing an authenticated user with low privileges to embed arbitrary JavaScript code into the interface. The root cause is insufficient sanitization of user-supplied input, making the application vulnerable to stored XSS attacks.

Exploitation

An attacker must have a valid user account with low privileges on the affected IBM CICS TX system. By injecting malicious JavaScript into the Web UI, the attacker can trigger the payload when other users (including those with higher privileges) view the affected page within the same trusted session. The CVSS vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates a network attack vector with low attack complexity and low privileges required, and it requires user interaction: the victim must visit the crafted page [1][2].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to alteration of intended Web UI functionality and potential disclosure of credentials or sensitive session data. The impact is limited to the confidentiality and integrity of the web session, both rated low (C:L/I:L), with no availability impact (A:N). The scope is changed (S:C), meaning the vulnerable component can affect resources beyond its own [1][2].

Mitigation

IBM has released downloadable fixes for both CICS TX Advanced (version 11.1) and CICS TX Standard (version 11.1) [1][2]. The advisory states that no workarounds or mitigations are available; applying the interim fix is the only remediation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • IBM/CICS TX (2 versions)
    • (no CPE) range: = 11.1
    • (no CPE) range: 11.1

Patches

0

No patches discovered yet.

References

3
