cve/2023/CVE-2023-33849.md

### [CVE-2023-33849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33849)
![](https://img.shields.io/static/v1?label=Product&message=CICS%20TX%20Advanced&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=CICS%20TX%20Standard&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TXSeries%20for%20Multiplatforms&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.1%2C%2011.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3D%208.1%2C%208.2%2C%209.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)

### Description

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques.  IBM X-Force ID:  257105.

### POC

#### Reference
- https://www.ibm.com/support/pages/node/7001687

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-33849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33849)`
			`![](https://img.shields.io/static/v1?label=Product&message=CICS%20TX%20Advanced&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=CICS%20TX%20Standard&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=TXSeries%20for%20Multiplatforms&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.1%2C%2011.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%208.1%2C%208.2%2C%209.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)`

			`### Description`

			`IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105.`

			`### POC`

			`#### Reference`
			`- https://www.ibm.com/support/pages/node/7001687`

			`#### Github`
			`No PoCs found on GitHub currently.`