CVE-2022-34316
LOW
IBM CICS TX 11.1 - Cross-Site Scripting via HTTP Headers
Title source: llm
Description
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.
References (3)
Core References
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/6833176
Patch, Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/6833178
VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/229452
Scores
CVSS v3
3.7
EPSS
0.0064
EPSS Percentile
45.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-644
CWE-116
Status
published
Products (1)
ibm/cics_tx
11.1 (2 CPE variants)
Published
Nov 14, 2022
Tracked Since
Feb 18, 2026