Unrated severity · NVD Advisory · Published Nov 14, 2022 · Updated Apr 30, 2025

IBM CICS TX phishing

CVE-2022-38705

Description

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM CICS TX Standard and Advanced 11.1 are vulnerable to reverse tabnabbing, allowing remote attackers to redirect victims to phishing sites.

Vulnerability

IBM CICS TX Standard (all versions) and Advanced (11.1) contain a reverse tabnabbing flaw [1][2]. The vulnerability arises from improper handling of links, allowing an attacker to bypass security restrictions and redirect a victim to a malicious site.
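The advisory does not show the affected markup, so the following is an added example, not IBM's code or part of the advisory: a static audit for the general link pattern behind reverse tabnabbing, where a link opens a new browsing context and the opened page keeps a `window.opener` reference to the page that linked to it. The function names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

LINK_TAGS = {"a", "area", "form"}            # elements that honour target/rel
SAME_CONTEXT = {"", "_self", "_parent", "_top"}
SAFE_REL = {"noopener", "noreferrer"}        # both sever window.opener


class OpenerAudit(HTMLParser):
    """Collect links that open a new browsing context with window.opener intact."""

    def __init__(self):
        super().__init__()
        self.findings = []                   # (line, url, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in LINK_TAGS:
            return
        attr = {name: (value or "") for name, value in attrs}
        target = attr.get("target", "").strip().lower()
        rel = set(attr.get("rel", "").lower().split())
        if target in SAME_CONTEXT or rel & SAFE_REL:
            return
        url = attr.get("href") or attr.get("action") or ""
        if "opener" in rel:
            reason = "rel=opener keeps window.opener"
        elif target == "_blank":
            # Current browsers imply noopener here; older ones do not.
            reason = "target=_blank without rel=noopener"
        else:
            # Named targets never get the implicit noopener.
            reason = "named target without rel=noopener"
        self.findings.append((self.getpos()[0], url, reason))


def audit(html):
    """Return (line, url, reason) for every link that leaves the opener exposed."""
    parser = OpenerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not taken from any IBM product.
SAMPLE = """<p>
<a href="https://partner.example/help" target="_blank">Help</a>
<a href="https://partner.example/docs" target="_blank" rel="noopener noreferrer">Docs</a>
<a href="/local">Local</a>
<a href="https://partner.example/old" target="report">Report</a>
<form action="https://partner.example/sso" target="_blank" rel="opener"></form>
</p>"""
```

Running `audit(SAMPLE)` reports the links on lines 2, 5 and 6 of the sample; the links on lines 3 and 4 pass because one carries `rel="noopener noreferrer"` and the other stays in the same tab.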

Exploitation

An attacker can craft a malicious link that, when clicked by a victim, opens a fake page in a new tab. The attack requires user interaction (clicking the link) and has high attack complexity (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). No authentication is needed [1][2].

Impact

Successful exploitation has an integrity impact: the victim may be redirected to a phishing site, potentially revealing sensitive information. Confidentiality and availability are not affected [1][2].

Mitigation

IBM has released fixes for both affected products. For CICS TX Advanced 11.1, download the fix (defect 127901) from IBM support [1]. For CICS TX Standard 11.1, download the fix from IBM support [2]. No workarounds are available [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IBM/CICS TX: 2 versions
    • (no CPE) range: 11.1
    • (no CPE) range: 11.1
