{"api_version":"1","generated_at":"2026-04-22T19:07:51+00:00","cve":"CVE-2023-33849","urls":{"html":"https://cve.report/CVE-2023-33849","api":"https://cve.report/api/cve/CVE-2023-33849.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-33849","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-33849"},"summary":{"title":"CVE-2023-33849","description":"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques.  IBM X-Force ID:  257105.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2023-06-07 22:15:00","updated_at":"2023-06-15 16:56:00"},"problem_types":["CWE-311"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/7001687","name":"https://www.ibm.com/support/pages/node/7001687","refsource":"MISC","tags":[],"title":"Security Bulletin: \"Administration Console can process body parameters that were submitted in the query\" may affect IBM TXSeries for Multiplatforms","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/7001697","name":"https://www.ibm.com/support/pages/node/7001697","refsource":"MISC","tags":[],"title":"Security Bulletin: \"Administration Console can process body parameters that were submitted in the query\"  may affect IBM CICS TX Advanced","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/7001695","name":"https://www.ibm.com/support/pages/node/7001695","refsource":"MISC","tags":[],"title":"Security Bulletin: \"Administration Console can process body parameters that were submitted in the query\" may affect IBM CICS TX Standard","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/257105","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/257105","refsource":"MISC","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-33849","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33849","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"33849","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"hp","cpe5":"hp-ux","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"aix","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cics_tx","cpe6":"10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"advanced","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cics_tx","cpe6":"11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"advanced","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"cics_tx","cpe6":"11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"standard","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"txseries_for_multiplatforms","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"txseries_for_multiplatforms","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"txseries_for_multiplatforms","cpe6":"9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"33849","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-33849","ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques.  IBM X-Force ID:  257105."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-311 Missing Encryption of Sensitive Data","cweId":"CWE-311"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"TXSeries for Multiplatforms","version":{"version_data":[{"version_affected":"=","version_value":"8.1, 8.2, 9.1"}]}},{"product_name":"CICS TX Standard","version":{"version_data":[{"version_affected":"=","version_value":"11.1"}]}},{"product_name":"CICS TX Advanced","version":{"version_data":[{"version_affected":"=","version_value":"10.1, 11.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/257105","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/257105"},{"url":"https://www.ibm.com/support/pages/node/7001687","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/7001687"},{"url":"https://www.ibm.com/support/pages/node/7001697","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/7001697"},{"url":"https://www.ibm.com/support/pages/node/7001695","refsource":"MISC","name":"https://www.ibm.com/support/pages/node/7001695"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-07 22:15:00","lastModifiedDate":"2023-06-15 16:56:00","problem_types":["CWE-311"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}