IBM CICS TX Standard and Advanced Arbitrary Code Execution Vulnerability via Insecure Function Usage

Vulnerability

A vulnerability allowing local users to execute arbitrary code has been identified in IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1. This issue arises from the use of inherently dangerous functions, specifically 'gets', which can lead to buffer overflows. The vulnerability is present in several different versions and ranges of the affected products.
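The bug class described above, shown as an added example that is not IBM's code and not part of the original advisory: `gets` takes no buffer size, so any input line longer than the destination writes past it. The hypothetical helper `read_line_bounded` below is one bounded replacement built on `fgets`; it rejects overlong lines instead of silently truncating them.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; read_line_bounded is a hypothetical helper, not CICS TX code.
 *
 * Unsafe pattern the advisory refers to (shown only as a comment):
 *     char buf[64];
 *     gets(buf);      no size argument: a longer line overflows buf
 *
 * Bounded replacement. Returns 0 on success (newline stripped),
 * -1 on EOF, read error or bad arguments, and -2 if the line did not fit.
 * On -2 the rest of the line is drained, so the next call starts on a
 * fresh line, and buf is set to the empty string.
 */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (in == NULL || buf == NULL || size < 2)
        return -1;
    int n = size > INT_MAX ? INT_MAX : (int)size;  /* fgets takes an int */
    if (fgets(buf, n, in) == NULL) {
        buf[0] = '\0';
        return -1;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    /* No newline stored: the line filled the buffer exactly, it is the
     * final unterminated line, or it is too long. Peek to tell them apart. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 0;
    while (c != '\n' && c != EOF)   /* discard the remainder of the line */
        c = fgetc(in);
    buf[0] = '\0';
    return -2;
}

int main(void)
{
    char buf[16];
    int rc;
    while ((rc = read_line_bounded(stdin, buf, sizeof buf)) != -1)
        puts(rc == 0 ? buf : "(line too long, rejected)");
    return 0;
}
```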

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Remediation

Users are advised to upgrade to IBM CICS TX Standard 11.1 or IBM CICS TX Advanced 10.1 or 11.1. The necessary fixes can be downloaded from IBM Fix Central.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 10.0
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.