The other issue with CICS TX is that the X.509 certificates are only accepted from trusted sources such as the LDAP server, or if the certificate is self-signed, the source must be verified. Even though the source is validated, X.509 certificate validation happens after the user authentication, which means an attacker could have control of the user's session and impersonate that user. Attackers may be able to do this by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site the user goes to. The attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 214062. The CICS TX product also does not have any mechanism in place to mitigate cache poisoning attacks. Attackers may be able to do this by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site the user goes to. The attacker can then poison the cache of the site by sending a http:// request to the site. The same process may be done by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site the user goes to. The attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. IBM CICS TX 11.1 does not have any mechanism in place to mitigate cross-referencing attacks. Attackers may be

Vulnerabilities in CICS TX

#5 Vulnerabilities in CICS TX: Cache Poisoning
IBM CICS TX 11.1 does not have any mechanism in place to mitigate cache poisoning attacks. Attackers may be able to do this by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site the user goes to. The attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.

IBM CICS TX 11.1 - Insecure Direct Object References

The CICS TX product does not have any mechanism in place to mitigate cross-referencing attacks. Attackers may be able to do this by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site the user goes to. The attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.
IBM CICS TX 11.1 does not have any mechanism in place to mitigate cache poisoning attacks. Attackers may be able to do this by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site the user goes to. The attacker can then poison the cache of the site by sending a http:// request to the site. The same process may be done by obtaining a valid X.509 certificate for the LDAP server and planting an insecure link to the certificate in the site
the user goes to, or if he is using SSL, he could also intercept that traffic and use it as part of his attack process.

Timeline

Published on: 11/14/2022 18:15:00 UTC
Last modified on: 11/16/2022 20:41:00 UTC

References