VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 14, 2022· Updated Apr 29, 2025

IBM CICS TX information disclosure

CVE-2022-34320

Description

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM CICS TX 11.1 (Advanced and Standard) uses weak cryptographic algorithms, enabling attackers to decrypt sensitive data.

Vulnerability

IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 use weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information [1], [2]. The vulnerability affects all versions of CICS TX Standard and specifically version 11.1 of CICS TX Advanced [1], [2]. IBM X-Force ID: 229464.

Exploitation

An attacker can exploit this vulnerability over the network with no authentication required and no user interaction [1], [2]. The attack complexity is high, meaning successful exploitation requires significant effort or specific conditions [1], [2]. There is no need for privileges or write access to the system.

Impact

Successful exploitation results in the decryption of highly sensitive information, leading to a high loss of confidentiality [1], [2]. Integrity and availability are not affected. The scope of the compromise remains unchanged, and the attacker gains no additional privileges beyond the decrypted data.

Mitigation

IBM has released interim fixes for both CICS TX Advanced (defect 127926) and CICS TX Standard (defect 127926) on their support portal [1], [2]. No workarounds or mitigations are available; applying the fix is required [1], [2].

References
  1. IBM CICS TX Advanced is vulnerable to attack because it uses weak crytopgraphic algorithms (CVE-2022-34320).
  2. Security Bulletin: IBM CICS TX Standard is vulnerable to attack because it uses weak crytopgraphic algorithms (CVE-2022-34320).

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IBM/CICS TXllm-fuzzy2 versions
    = 11.1+ 1 more
    • (no CPE)range: = 11.1
    • (no CPE)range: 11.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.