IBM CICS TX Advanced
cpe:2.3:a:ibm:cics_tx:*:*:*:*:*:*:*
- 10.1
- 11.1
A vulnerability allowing local users to execute arbitrary code has been identified in IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1. This issue arises from the products' improper handling of DNS return requests by the gethostbyname function, leading to an out-of-bounds write vulnerability. Additionally, according to IBM, this vulnerability involves the use of inherently dangerous functions, which can also be exploited to execute arbitrary code.
Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the affected system.
Users are advised to upgrade to IBM CICS TX Advanced 10.1 or 11.1.0.0. For both version 10.1 and version 11.1, download the fix from Fix Central.