Site icon API Security Blog

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Standard

## Summary

WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs.

## Vulnerability Details

** CVEID: **[CVE-2022-37734]()
** DESCRIPTION: **GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235781]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM CICS TX Standard| All

## Remediation/Fixes

IBM recommends you apply these fixes.

**Product**

| **VRMF**| **APAR**| **Remediation / First Fix**
—|—|—|—
IBM CICS TX Standard| 11.1| Updated Liberty is shipped along with IFIX image and made available on Fix Central|

_Linux: [Fix Central Link]( “https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+Standard&fixids=ibm-cics-tx-standard-image-11.1.0.0-ifix6&source=SAR” )_

## Workarounds and Mitigations

None

##Read More

Exit mobile version