IBM CICS TX clickjacking
Description
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM CICS TX 11.1 (Advanced and Standard) is vulnerable to clickjacking, allowing a remote attacker to hijack a victim's click actions via a malicious website.
Vulnerability
IBM CICS TX Advanced 11.1 and IBM CICS TX Standard (all versions, specifically 11.1) are vulnerable to a clickjacking attack (CVE-2022-34318). The vulnerability allows a remote attacker to hijack the clicking action of a victim by persuading them to visit a malicious website [1][2].
Exploitation
An attacker must convince a victim to visit a crafted malicious website. The victim must be authenticated to the CICS TX application (CVSS PR:L indicates low privileges required for the attacker, but the attack vector is network-based with low complexity). Once the victim interacts with the malicious page, the attacker can hijack click actions, potentially tricking the victim into performing unintended actions within the CICS TX interface [1][2].
Impact
Successful exploitation allows the attacker to hijack the victim's click actions, leading to low confidentiality and low integrity impact with a changed scope (CVSS 5.4). This could enable further attacks such as unauthorized transactions or information disclosure, depending on the victim's privileges [1][2].
Mitigation
IBM has released interim fixes for both IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1. The fixes are available for download from IBM support [1][2]. No workarounds are provided; applying the fix is recommended.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (3)
- www.ibm.com/support/pages/node/6833186 (mitre, vendor-advisory)
- www.ibm.com/support/pages/node/6833188 (mitre, vendor-advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/229461 (mitre, vdb-entry)