QID 375466

IBM CICS Transaction Gateway is a connector for enterprise modernization of CICS assets
There are multiple vulnerabilities in IBM Runtime Environment Java Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs.

An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

Affected Versions:
8.0.0.0-8.0.0.6 8.1.0.0-8.1.0.5 9.0.0.0-9.0.0.5 9.1.0.0-9.1.0.3 9.2.0.0-9.2.0.2

QID Detection Logic (Authenticated):
This QID checks for vulnerable version of IBM Cognos Analytics by checking the registry file.

Allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
Allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
Allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.